Windows Analysis Report
Microstub.exe

Overview

General Information

Sample name: Microstub.exe
Analysis ID: 1408633
MD5: 02bd5dd672a21a001e4b82e2a6031d30
SHA1: 777476e4e9bab85545e977279572b38d83869261
SHA256: c230c739f9107e8fd871f2158e2299e010679aed34fb419cd8c9acc8cc4a9a24

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to infect the boot sector
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Query firmware table information (likely to detect VMs)
Sigma detected: Execution from Suspicious Folder
Tries to delay execution (extensive OutputDebugStringW loop)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Microstub.exe (PID: 6364 cmdline: C:\Users\user\Desktop\Microstub.exe MD5: 02BD5DD672A21A001E4B82E2A6031D30)
    • avast_free_antivirus_setup_online_x64.exe (PID: 6608 cmdline: "C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d MD5: 3EE70E7C9C9C36265A818BA9771BBD4C)
      • Instup.exe (PID: 4008 cmdline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d MD5: 867935B7C2F24E028AE2F3D87409D273)
        • instup.exe (PID: 2088 cmdline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d /online_installer MD5: 867935B7C2F24E028AE2F3D87409D273)
          • aswOfferTool.exe (PID: 4340 cmdline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkGToolbar -elevated MD5: 5A74306235AE537F426B84E2DCD48AFA)
          • aswOfferTool.exe (PID: 2004 cmdline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" /check_secure_browser MD5: 5A74306235AE537F426B84E2DCD48AFA)
          • aswOfferTool.exe (PID: 6276 cmdline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkChrome -elevated MD5: 5A74306235AE537F426B84E2DCD48AFA)
          • aswOfferTool.exe (PID: 5480 cmdline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC MD5: 5A74306235AE537F426B84E2DCD48AFA)
            • aswOfferTool.exe (PID: 5672 cmdline: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC MD5: 5A74306235AE537F426B84E2DCD48AFA)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine|base64offset|contains: ^r@E+*', Image: C:\Users\Public\Documents\aswOfferTool.exe, NewProcessName: C:\Users\Public\Documents\aswOfferTool.exe, OriginalFileName: C:\Users\Public\Documents\aswOfferTool.exe, ParentCommandLine: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC, ParentImage: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe, ParentProcessId: 5480, ParentProcessName: aswOfferTool.exe, ProcessCommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, ProcessId: 5672, ProcessName: aswOfferTool.exe
No Snort rule has matched

Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_0061B0E0 CryptDestroyHash,CryptDestroyHash,0_2_0061B0E0
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00619250 CryptGenRandom,GetLastError,__CxxThrowException@8,0_2_00619250
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_006182F0 CryptDestroyHash,0_2_006182F0
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00619450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,0_2_00619450
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00618DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,0_2_00618DC0
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00619020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00619020
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00618260 CryptDestroyHash,0_2_00618260
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00619340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00619340
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_006194D0 CryptHashData,GetLastError,__CxxThrowException@8,0_2_006194D0
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00632660 CryptReleaseContext,0_2_00632660
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00618EF0 CryptReleaseContext,0_2_00618EF0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E62A8920 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,3_2_00007FF7E62A8920
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF878920 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,7_2_00007FF6EF878920
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_4f276e3e-5
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exeEXE: C:\Users\Public\Documents\aswOfferTool.exe

Compliance

Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exeEXE: C:\Users\Public\Documents\aswOfferTool.exe
Source: Microstub.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Microstub.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: Microstub.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000000.1777474369.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000003.00000002.2984246612.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb8 source: Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdbv source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1730984495.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000B.00000002.2001734795.0000000000B7D000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2985217504.00007FFDFA15D000.00000002.00000001.01000000.0000000F.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1730984495.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000003.00000003.1849849182.0000021D4908A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb~ source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000000.1777474369.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000003.00000002.2984246612.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: Microstub.exe, 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp, Microstub.exe, 00000000.00000000.1709323498.0000000000633000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp

Networking

Source: Instup.dll.1.drStatic PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: instup_x64_ais-a31.vpx.3.drStatic PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: asw2646ad6031aa5cea.tmp.3.drStatic PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: Joe Sandbox ViewIP Address: 34.117.223.223 34.117.223.223
Source: Joe Sandbox ViewIP Address: 34.160.176.28 34.160.176.28
Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownDNS traffic detected: queries for: iavs9x.u.avcdn.net
Source: unknownHTTP traffic detected: POST /cgi-bin/iavsevents.cgi HTTP/1.1Connection: Keep-AliveContent-Type: iavs4/statsContent-MD5: clbYLB68v6qvrnw8NNa+jA==User-Agent: Avast SimpleHttp/3.0Content-Length: 361Host: v7event.stats.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.ivps9x.u.avast.com/ivps9x9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18.u.avcdn.net/vps18&
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18.u.avcdn.net/vps18L
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tinyyaWF
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitro.u.avast.com/vpsnitroVJFRF9
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny0
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny637:1
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny~
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs5x.u.avast.com/iavs5xtroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xp8
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xpny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9xcan
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9x.u.avast.com/ivps9xtron
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18.u.avcdn.net/vps18d
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tinyX
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotinyF
Source: Instup.exe, 00000003.00000002.2980363085.0000021D4789A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotinye
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotinyiJDTE9
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000D.00000002.2000730727.0000000000627000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000D.00000002.2000730727.0000000000627000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000D.00000002.2000730727.0000000000627000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000D.00000002.2000730727.0000000000627000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
Source: Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/edbZ
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.comirsBaseUrlLastReport(
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1986351113.0000025EF348E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2977479052.0000025EF3494000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2368464833.0000025EF3493000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000D.00000002.2000730727.0000000000627000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x-xp0
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x.cgi
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9xiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9tiny.u.avast.com/ivps9tiny3=7W
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18.u.avcdn.net/vps18H
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tinys
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitroJ=
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2980363085.0000021D4789A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotiny0
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotiny=-
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs5x.u.avast.com/iavs5x8tiny
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.a
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x-xpny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9tiny.u.avast.com/ivps9tinyk
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9x.u.avast.com/ivps9xtro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18.u.avcdn.net/vps18R
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitro.u.avast.com/vpsnitrov
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Microstub.exe, 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp, Microstub.exe, 00000000.00000000.1709323498.0000000000633000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5xxpya
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x-xpzen_=6
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tinyxOV1
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9x.u.avast.com/ivps9xxpjb3V
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18.u.avcdn.net/vps18:
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tiny=
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tinyzIjpj6
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitronU2h
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx
Source: Instup.exe, 00000003.00000003.1913731922.0000021D4878A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.iavs9x.u.avast.com/iavs9x/sbr_x64_ais-a31.vpx
Source: Instup.exe, 00000003.00000003.1913731922.0000021D4878A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.iavs9x.u.avast.com/iavs9x/setgui_x64_ais-a31.vpx
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.ivps9tiny.u.avast.com/ivps9tinye
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vps18tiny.u.avcdn.net/vps18tinyF
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vps18tiny.u.avcdn.net/vps18tinyR
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitro.u.avast.com/vpsnitro%
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitro.u.avast.com/vpsnitro=
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2980363085.0000021D4789A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitrotiny.u.avast.com/vpsnitrotinys
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitrotiny.u.avast.com/vpsnitrotinyt=1
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs5x.u.avast.com/iavs5xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x-xpy
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9xcgit
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9xtroxe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9tiny.u.avast.com/ivps9tinyG
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9tiny.u.avast.com/ivps9tinywser
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9x.u.avast.com/ivps9x9tinyaramY(
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9x.u.avast.com/ivps9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18tiny.u.avcdn.net/vps18tiny#
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18tiny.u.avcdn.net/vps18tinyst-d
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitro.u.avast.com/vpsnitrorefo
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitrotiny.u.avast.com/vpsnitrotinyW;
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs5x.u.avast.com/iavs5xcgiQ
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9x.u.avast.com/ivps9xcgiA
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9x.u.avast.com/ivps9xxp;
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18.u.avcdn.net/vps18V
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitro.u.avast.com/vpsnitro$
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitrotiny.u.avast.com/vpsnitrotinyFyaWF
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitrotiny.u.avast.com/vpsnitrotinyions)-;
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x-xp1
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.ivps9x.u.avast.com/ivps9xtro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18tiny.u.avcdn.net/vps18tiny90
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs9x.u.avast.com/iavs9x-xpH
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs9x.u.avast.com/iavs9x-xpromeEna
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs9x.u.avast.com/iavs9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.ivps9tiny.u.avast.com/ivps9tinytate
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18tiny.u.avcdn.net/vps18tinyon=1
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitro.u.avast.com/vpsnitrodCon
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitrotiny.u.avast.com/vpsnitrotinyn
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs5x.u.avast.com/iavs5x9tinyiOns
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x-xpcbcc
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x-xpny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x8tinyg
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9tiny.u.avast.com/ivps9tinyB
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9tiny.u.avast.com/ivps9tinyn_is
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18tiny.u.avcdn.net/vps18tinypam
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitro.u.avast.com/vpsnitro4
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitro.u.avast.com/vpsnitroafte
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitrotiny.u.avast.com/vpsnitrotinyLicens
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs5x.u.avast.com/iavs5x9tinyd
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgittps
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiuter
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiw
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiy
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiy2
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiyk
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiyvcHR
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs5x.u.avast.com/iavs5xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x-xpnyz;
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x8tinyj
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9x.u.avast.com/ivps9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18.u.avcdn.net/vps182
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitro.u.avast.com/vpsnitroV;
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Microstub.exe, 00000000.00000003.2332107056.0000000005225000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
Source: Microstub.exe, 00000000.00000002.2977329606.00000000051C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: Microstub.exe, 00000000.00000002.2977713855.0000000005226000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332107056.0000000005225000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/u(
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9xcgiyB
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9tiny.u.avast.com/ivps9tinyq
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitrotiny.u.avast.com/vpsnitrotinyJ9LDF
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitrotiny.u.avast.com/vpsnitrotinyi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000D.00000002.2000730727.0000000000627000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: Microstub.exe, 00000000.00000003.2332493535.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.2978288498.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332107056.000000000529E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758398770.0000025EF34E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: Microstub.exe, 00000000.00000003.2332551774.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332493535.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332598625.00000000051F2000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.2978288498.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.2977480276.00000000051F3000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332107056.000000000529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758709661.0000025EF351B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758939203.0000025EF34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect?an=Free&av=24.2.8904&cd=stub-extended&cd3=Online&cid=59c59de
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1759052695.0000025EF352A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758398770.0000025EF3522000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758709661.0000025EF3522000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com:80/collect?an=Free&av=24.2.8904&cd=stub-extended&cd3=Online&cid=59c5
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/intl/%s/toolbar/ie/partnereula.htmlAvBehav_Gtoolbargtoolbar_installgtoolbar_tx
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2982164829.0000025EF6F42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980681880.0000021D47922000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chess24.com/;https://
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/avast-online-security-pri/gomekmidlodglbbmalcneegieacbdmki
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000B.00000002.2001734795.0000000000B7D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000B.00000002.2001734795.0000000000B7D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000B.00000002.2001734795.0000000000B7D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fallback.nos-avg.cz./servers.json
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google-analytics.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns-legacy.sb.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns-legacy.sb.avast.comhttps://winqual.sb.avast.com/V1/MDHostapplication/octet-streamContent
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hoetup/avast-vpn/rine_setup.exBTest_DetectionDupNotifMode=opupNotifModeExpBTest_Protecldown=
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980500640.0000021D47908000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exe
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exeA
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exeUID)
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av//avast_premium_security_online_setup.exe/avast_omni_online_s
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980500640.0000021D47908000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_essential_online_setup.exe
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_essential_online_setup.exe)
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_essential_online_setup.exe1i
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exe
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exemp
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exexeu
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exe
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exe9
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980500640.0000021D47908000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exe
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeY
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeZ
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exe
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exe1-1
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exeerformed.
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exeov.br
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exe
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exe%
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exev
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980500640.0000021D47908000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exe
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exed
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exee
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exexed
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exe
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exe4V
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exe5
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeA
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeEM32Z
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeG
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeUV
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exee
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exe
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exe=
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exee
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeef
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exehV
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exei
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exel
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exep
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exepl
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exepll
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exerV
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exesic
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exesicQ
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exet)l
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exexe
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exexec
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.t-atrk/releack_online_setup.honzik.avcdn-bg/release/avase_setup.exe
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzup/avast-vpn/rele_setup.exe
Source: Microstub.exe, 00000000.00000002.2977480276.000000000520A000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332598625.000000000520A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iavs9x.u.avcdn.net/
Source: Microstub.exe, 00000000.00000003.2332551774.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.2977329606.00000000051C0000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.2977455626.00000000051EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exe
Source: Microstub.exe, 00000000.00000002.2977329606.00000000051C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exed
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2978903588.0000021D4585A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastiump
Source: Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastiumtUpd
Source: Instup.exe, 00000003.00000002.2978903588.0000021D4585A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastiumx
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.come3Fh
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.comtu
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avast.com
Source: Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://idst.com
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/edFZ
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/php
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/phpl
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2978903588.0000021D4585A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/.28.
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/X
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/api/?action=2&p_elm=136
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/api/?action=2&p_elm=137
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/api/?action=2&p_elm=1370
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980681880.0000021D47922000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lastpass.com/;https://
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.come:00
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comgnQiOjn
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.comn_devicecountand
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onlinebanking.securetrustbank.com/;https://
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner-v6.ff.avast.com/v2/inspection
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner-v6.ff.avast.com/v2/inspection=
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner-v6.ff.avast.com/v2/inspectionslcSIw
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspection
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspectionm
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspectionnges
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspectionny
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiom
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgit
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiv
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgivpx
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiyJ0cnlBZ2F
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiyJ2YXJpYWJ
Source: Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgv#
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2368983698.0000025EF34E9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758398770.0000025EF34E4000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2368521252.0000025EF34DA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2978216091.0000025EF34EA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766999996.0000025EF34DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/
Source: Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi&
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766999996.0000025EF350F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2978467338.0000025EF3511000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1986692227.0000025EF350F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758709661.0000025EF350F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2369352481.0000025EF350F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758398770.0000025EF350F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi(
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi096MBRAM
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi0hJH
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi0seyJ
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi1lIjow
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi1lbnR_
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi4iOiI
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi4iOns
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi5
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi6
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi7:1
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi9uIiw
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi=;
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiBtLnB
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiD
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiE
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiF
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiFua19
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiJsZXN
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiJwX2V7
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiN
Source: Instup.exe, 00000003.00000002.2980363085.0000021D4789A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiP4
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiPerTe
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiVBY3R
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiVudCI
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiZhbHV
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi_;
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgie
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgieference
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgig
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgilcome
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgilmeUx
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cginIntr7
Source: Instup.exe, 00000003.00000002.2980809708.0000021D47AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgineIntelIn~
Source: Instup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiwiQ0x
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgix6
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgix~
Source: Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi~
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1768361758.0000025EF34C0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758939203.0000025EF34C0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2977670893.0000025EF34C0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1986351113.0000025EF34B7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1986831196.0000025EF34BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com:443/cgi-bin/iavsevents.cgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comavast_streamback_
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.com
Source: Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.comhttps://hns-legacy.sb.avast.comhttps://submit.sb.avast.comhttps://virusl
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980681880.0000021D47922000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wow-upgrade.uc.cn/;https://
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/%s/eula#pchttps://www.avg.com/%s/eula#pchttps://www.avira.com/en/license-agree
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/%s/chrome/browser/privacy/eula_text.htmlhttps://www.google.com/chrome/br
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/%s/policies/terms/
Source: Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980681880.0000021D47922000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sharelatex.com/;https://
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Code function: 3_2_00007FFDF9FF8AF0 OpenClipboard,GlobalAlloc,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalLock,GlobalUnlock,SetClipboardData,SetClipboardData,CloseClipboard,3_2_00007FFDF9FF8AF0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Code function: 7_2_00007FFDF89C8AF0 OpenClipboard,GlobalAlloc,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalLock,GlobalUnlock,SetClipboardData,SetClipboardData,CloseClipboard,7_2_00007FFDF89C8AF0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Code function: 7_2_00007FFDF89C8570 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,RegisterClipboardFormatW,SetClipboardData,CloseClipboard,7_2_00007FFDF89C8570
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Code function: 3_2_00007FFDF9E5E890 KillTimer,GetAsyncKeyState,GetDoubleClickTime,SetTimer,GetAsyncKeyState,KillTimer,KillTimer,GetCursorPos,WindowFromPoint,ScreenToClient,KillTimer,KillTimer,GetCursorPos,ScreenToClient,GetAsyncKeyState,3_2_00007FFDF9E5E890
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Code function: 3_2_00007FF7E62A5D00 RegCloseKey,SetLastError,RegSetValueExW,RegCloseKey,SetLastError,RegQueryMultipleValuesW,RegCloseKey,SetLastError,NtClose,3_2_00007FF7E62A5D00
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Code function: 3_2_00007FF7E6292980 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,3_2_00007FF7E6292980
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Code function: 3_2_00007FF7E617F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,3_2_00007FF7E617F560
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Code function: 7_2_00007FF6EF862980 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,7_2_00007FF6EF862980
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Code function: 7_2_00007FF6EF74F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,7_2_00007FF6EF74F560
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Code function: 7_2_00007FF6EF875D00 RegCloseKey,SetLastError,RegSetValueExW,RegCloseKey,SetLastError,RegQueryMultipleValuesW,RegCloseKey,SetLastError,NtClose,7_2_00007FF6EF875D00
Source: C:\Users\user\Desktop\Microstub.exe Code function: 0_2_0061A100: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,0_2_0061A100
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E86A703_2_00007FFDF9E86A70
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EA6DB03_2_00007FFDF9EA6DB0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E8ADA03_2_00007FFDF9E8ADA0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA047F7C3_2_00007FFDFA047F7C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA12EF603_2_00007FFDFA12EF60
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EE5D303_2_00007FFDF9EE5D30
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA102FB83_2_00007FFDFA102FB8
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E6DCD03_2_00007FFDF9E6DCD0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA12A01C3_2_00007FFDFA12A01C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA11EFEC3_2_00007FFDFA11EFEC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA0D30203_2_00007FFDFA0D3020
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E930503_2_00007FFDF9E93050
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EA70403_2_00007FFDF9EA7040
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E6B0103_2_00007FFDF9E6B010
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA10BCD03_2_00007FFDFA10BCD0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E8EFA03_2_00007FFDF9E8EFA0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E56F8C3_2_00007FFDF9E56F8C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EB4F703_2_00007FFDF9EB4F70
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9F20D503_2_00007FFDF9F20D50
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EB5E803_2_00007FFDF9EB5E80
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA0CA2603_2_00007FFDFA0CA260
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E862103_2_00007FFDF9E86210
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E902103_2_00007FFDF9E90210
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EA72003_2_00007FFDF9EA7200
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA1003FC3_2_00007FFDFA1003FC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EA60D03_2_00007FFDF9EA60D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EB20A03_2_00007FFDF9EB20A0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E9D0A03_2_00007FFDF9E9D0A0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA0C94203_2_00007FFDFA0C9420
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA1020703_2_00007FFDFA102070
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9F920703_2_00007FFDF9F92070
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E5B3A03_2_00007FFDF9E5B3A0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9F971603_2_00007FFDF9F97160
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9E912E03_2_00007FFDF9E912E0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EA02C03_2_00007FFDF9EA02C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDF9EA62C03_2_00007FFDF9EA62C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8789207_2_00007FF6EF878920
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF73C04B7_2_00007FF6EF73C04B
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF87A7207_2_00007FF6EF87A720
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74CE407_2_00007FF6EF74CE40
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF73B5E07_2_00007FF6EF73B5E0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74E5207_2_00007FF6EF74E520
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74A4707_2_00007FF6EF74A470
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74C2D07_2_00007FF6EF74C2D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7123107_2_00007FF6EF712310
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8763007_2_00007FF6EF876300
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF719A817_2_00007FF6EF719A81
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8749807_2_00007FF6EF874980
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8E00A87_2_00007FF6EF8E00A8
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7298007_2_00007FF6EF729800
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7110007_2_00007FF6EF711000
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7268107_2_00007FF6EF726810
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7507707_2_00007FF6EF750770
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8ED7787_2_00007FF6EF8ED778
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF715F007_2_00007FF6EF715F00
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8DDE107_2_00007FF6EF8DDE10
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF86F5507_2_00007FF6EF86F550
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF87ACE07_2_00007FF6EF87ACE0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF875D007_2_00007FF6EF875D00
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8EC4907_2_00007FF6EF8EC490
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF71D3E07_2_00007FF6EF71D3E0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF717B707_2_00007FF6EF717B70
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74DB907_2_00007FF6EF74DB90
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8F0B207_2_00007FF6EF8F0B20
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7213307_2_00007FF6EF721330
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7262507_2_00007FF6EF726250
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8DDA3C7_2_00007FF6EF8DDA3C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF86B1D07_2_00007FF6EF86B1D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8DE1E47_2_00007FF6EF8DE1E4
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7151F27_2_00007FF6EF7151F2
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7C09407_2_00007FF6EF7C0940
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF7159607_2_00007FF6EF715960
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF89619207_2_00007FFDF8961920
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8982CA07_2_00007FFDF8982CA0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8826F8C7_2_00007FFDF8826F8C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88334707_2_00007FFDF8833470
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF886B9107_2_00007FFDF886B910
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AD19547_2_00007FFDF8AD1954
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF886F9507_2_00007FFDF886F950
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF882E8907_2_00007FFDF882E890
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF885F8907_2_00007FFDF885F890
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A0E8C07_2_00007FFDF8A0E8C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF885A9907_2_00007FFDF885A990
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88629D07_2_00007FFDF88629D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AEFB1C7_2_00007FFDF8AEFB1C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8881AF07_2_00007FFDF8881AF0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF883AB007_2_00007FFDF883AB00
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88B3B007_2_00007FFDF88B3B00
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A9CAE07_2_00007FFDF8A9CAE0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8856A707_2_00007FFDF8856A70
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8875A807_2_00007FFDF8875A80
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF883DC007_2_00007FFDF883DC00
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AD2B847_2_00007FFDF8AD2B84
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A91B707_2_00007FFDF8A91B70
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AD0BA47_2_00007FFDF8AD0BA4
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88E8BC07_2_00007FFDF88E8BC0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88B5D307_2_00007FFDF88B5D30
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8ADBCD07_2_00007FFDF8ADBCD0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF883DCD07_2_00007FFDF883DCD0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88AAD807_2_00007FFDF88AAD80
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8876DB07_2_00007FFDF8876DB0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF885ADA07_2_00007FFDF885ADA0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8885E807_2_00007FFDF8885E80
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AFA01C7_2_00007FFDF8AFA01C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AEEFEC7_2_00007FFDF8AEEFEC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88630507_2_00007FFDF8863050
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88770407_2_00007FFDF8877040
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AA30207_2_00007FFDF8AA3020
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8884F707_2_00007FFDF8884F70
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A17F7C7_2_00007FFDF8A17F7C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AFEF607_2_00007FFDF8AFEF60
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF885EFA07_2_00007FFDF885EFA0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AD2FB87_2_00007FFDF8AD2FB8
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF89800E07_2_00007FFDF89800E0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AD20707_2_00007FFDF8AD2070
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF89620707_2_00007FFDF8962070
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88820A07_2_00007FFDF88820A0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF886D0A07_2_00007FFDF886D0A0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88760D07_2_00007FFDF88760D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88602107_2_00007FFDF8860210
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88562107_2_00007FFDF8856210
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AE31F07_2_00007FFDF8AE31F0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88772007_2_00007FFDF8877200
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF89061607_2_00007FFDF8906160
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF89671607_2_00007FFDF8967160
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88612E07_2_00007FFDF88612E0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A9A2607_2_00007FFDF8A9A260
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88702C07_2_00007FFDF88702C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88762C07_2_00007FFDF88762C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88E92C07_2_00007FFDF88E92C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AD03FC7_2_00007FFDF8AD03FC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A994207_2_00007FFDF8A99420
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF882B3A07_2_00007FFDF882B3A0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AF44F07_2_00007FFDF8AF44F0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88755507_2_00007FFDF8875550
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AEF49C7_2_00007FFDF8AEF49C
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF886B4907_2_00007FFDF886B490
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF885E6207_2_00007FFDF885E620
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF89C86307_2_00007FFDF89C8630
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF883D5907_2_00007FFDF883D590
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88555C07_2_00007FFDF88555C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A9C6F07_2_00007FFDF8A9C6F0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8A9A7507_2_00007FFDF8A9A750
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88607207_2_00007FFDF8860720
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF893B7307_2_00007FFDF893B730
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF885C8107_2_00007FFDF885C810
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF88A88307_2_00007FFDF88A8830
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF885D7607_2_00007FFDF885D760
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AD07D07_2_00007FFDF8AD07D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: String function: 00007FF7E61467A0 appears 113 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: String function: 00007FFDFA0BF6C0 appears 34 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: String function: 00007FFDF9F96E70 appears 31 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: String function: 00007FFDFA0FE900 appears 33 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: String function: 00007FF6EF7167A0 appears 113 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: String function: 00007FFDF8A8F6C0 appears 44 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: String function: 00007FFDF8966E70 appears 31 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: String function: 00007FFDF8ACE900 appears 47 times
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: String function: 00007FFDF8A096BC appears 32 times
Source: Instup.dll.1.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: Instup.dll.1.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: Instup.dll.1.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: Instup.dll.1.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: Instup.dll.1.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: instup_x64_ais-a31.vpx.3.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: instup_x64_ais-a31.vpx.3.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: instup_x64_ais-a31.vpx.3.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: instup_x64_ais-a31.vpx.3.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: instup_x64_ais-a31.vpx.3.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: offertool_x64_ais-a31.vpx.3.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: asw2646ad6031aa5cea.tmp.3.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: asw2646ad6031aa5cea.tmp.3.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: asw2646ad6031aa5cea.tmp.3.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: asw2646ad6031aa5cea.tmp.3.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: asw2646ad6031aa5cea.tmp.3.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: asw8caedf1760e6537e.tmp.3.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: aswOfferTool.exe.11.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe | Sections loaded: mswsock.dll, iphlpapi.dll, winnsi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, dpapi.dll, apphelp.dll
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe | Sections loaded: wininet.dll, wtsapi32.dll, instup.dll, powrprof.dll, version.dll, fwpuclnt.dll, winmm.dll, userenv.dll, msimg32.dll, uxtheme.dll, oleacc.dll, msi.dll, netapi32.dll, secur32.dll, dnsapi.dll, winhttp.dll, iphlpapi.dll, dwmapi.dll, cryptbase.dll, netutils.dll, samcli.dll, logoncli.dll, sspicli.dll, umpdc.dll, windows.storage.dll, wldp.dll, profapi.dll, dbghelp.dll, dbgcore.dll, cryptsp.dll, rsaenh.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, dpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, textinputframework.dll, coreuicomponents.dll, ntmarta.dll, coremessaging.dll, wintypes.dll, dhcpcsvc6.dll, dhcpcsvc.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, apphelp.dll
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe | Sections loaded: wininet.dll, wtsapi32.dll, instup.dll, powrprof.dll, version.dll, fwpuclnt.dll, winmm.dll, userenv.dll, msimg32.dll, uxtheme.dll, oleacc.dll, msi.dll, netapi32.dll, secur32.dll, dnsapi.dll, winhttp.dll, iphlpapi.dll, dwmapi.dll, cryptbase.dll, netutils.dll, samcli.dll, logoncli.dll, sspicli.dll, umpdc.dll, windows.storage.dll, wldp.dll, profapi.dll, dbghelp.dll, dbgcore.dll, cryptsp.dll, rsaenh.dll, kernel.appcore.dll, mswsock.dll, dhcpcsvc6.dll, dhcpcsvc.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, rasadhlp.dll, msasn1.dll, ondemandconnroutehelper.dll, webio.dll, winnsi.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, gpapi.dll, dpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wscapi.dll, netprofm.dll, npmproxy.dll, apphelp.dll, textshaping.dll, explorerframe.dll
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe | Sections loaded: wtsapi32.dll, userenv.dll, iphlpapi.dll, cryptbase.dll, kernel.appcore.dll, version.dll, winmm.dll, windows.storage.dll, wldp.dll, ntmarta.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe | Sections loaded: wtsapi32.dll, userenv.dll, iphlpapi.dll, cryptbase.dll, version.dll, winmm.dll, kernel.appcore.dll
Source: Microstub.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal48.troj.evad.winEXE@16/60@84/2
Source: C:\Users\user\Desktop\Microstub.exe | Code function: 0_2_006152F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe | Code function: 3_2_00007FF7E617F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\Microstub.exe | Code function: 0_2_00611930 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GlobalFree,CoInitializeEx,CoCreateInstance,GetDC,CreateDIBSection,ReleaseDC,DeleteObject
Source: C:\Users\user\Desktop\Microstub.exe | Code function: 0_2_006138C0 CreateFileMappingW,GetLastError,MapViewOfFile,GetLastError,FindResourceW,LoadResource,wsprintfW,GetLastError,UnmapViewOfFile,CloseHandle,SetLastError
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe | File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\Microstub.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\Asw_38ad049366f8c96ef8f9c5335b616b8b
Source: C:\Users\user\Desktop\Microstub.exe | File created: C:\Windows\Temp\asw.d0a41a8c5e258f0d
Source: C:\Users\user\Desktop\Microstub.exe | Command line arguments (function 0_2_006152F0): /silent, /cookie, /ppi_icd, /cust_ini, Enabled, ProxySettings, ProxyType, Port, User, Password, Properties, /smbupd, enable, mirror, count, servers, urlpgm, server0, http://, https://, allow_fallback, installer.exe, {versionSwitch}, stable, %s\%s, X>c
Source: Microstub.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe | File read: C:\Windows\Temp\asw.65e28d24bc9dfc42\asw1da49b60db914d3e.ini
Source: C:\Users\user\Desktop\Microstub.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Instup.exe, String found in binary or memory: <!--StartFragment-->
Source: Instup.exe, String found in binary or memory: animation-start!
Source: instup.exe, String found in binary or memory: <!--StartFragment-->
Source: instup.exe, String found in binary or memory: animation-start!
Source: unknown, Process created: C:\Users\user\Desktop\Microstub.exe C:\Users\user\Desktop\Microstub.exe
Source: C:\Users\user\Desktop\Microstub.exe, Process created: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe, Process created: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, Process created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d /online_installer
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe, Process created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkGToolbar -elevated
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe, Process created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" /check_secure_browser
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe, Process created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkChrome -elevated
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe, Process created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe, Process created: C:\Users\Public\Documents\aswOfferTool.exe "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
Source: C:\Users\user\Desktop\Microstub.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File written: C:\Windows\Temp\asw.65e28d24bc9dfc42\asw1da49b60db914d3e.ini
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: Microstub.exe, Static PE information: certificate valid
Source: Microstub.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Microstub.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Microstub.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Microstub.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Microstub.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Microstub.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Microstub.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000000.1777474369.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000003.00000002.2984246612.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb8 source: Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdbv source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1730984495.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 0000000B.00000002.2001734795.0000000000B7D000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2985217504.00007FFDFA15D000.00000002.00000001.01000000.0000000F.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1730984495.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000003.00000003.1849849182.0000021D4908A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb~ source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000000.1777474369.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000003.00000002.2984246612.00007FF7E6382000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: Microstub.exe, 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp, Microstub.exe, 00000000.00000000.1709323498.0000000000633000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmp
Source: Microstub.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Microstub.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Microstub.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Microstub.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Microstub.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00618130 LoadLibraryA,GetProcAddress,FreeLibrary, 0_2_00618130
Source: Microstub.exe, Static PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.dr, Static PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.dr, Static PE information: section name: _RDATA
Source: HTMLayout.dll.1.dr, Static PE information: section name: _RDATA
Source: Instup.dll.1.dr, Static PE information: section name: .didat
Source: Instup.dll.1.dr, Static PE information: section name: _RDATA
Source: Instup.exe.1.dr, Static PE information: section name: _RDATA
Source: avbugreport_x64_ais-a31.vpx.3.dr, Static PE information: section name: _RDATA
Source: avdump_x64_ais-a31.vpx.3.dr, Static PE information: section name: .didat
Source: avdump_x64_ais-a31.vpx.3.dr, Static PE information: section name: _RDATA
Source: avdump_x86_ais-a31.vpx.3.dr, Static PE information: section name: .didat
Source: instcont_x64_ais-a31.vpx.3.dr, Static PE information: section name: _RDATA
Source: instup_x64_ais-a31.vpx.3.dr, Static PE information: section name: .didat
Source: instup_x64_ais-a31.vpx.3.dr, Static PE information: section name: _RDATA
Source: setgui_x64_ais-a31.vpx.3.dr, Static PE information: section name: _RDATA
Source: asw5cca90484465b52b.tmp.3.dr, Static PE information: section name: _RDATA
Source: asw16fa03160b250d0c.tmp.3.dr, Static PE information: section name: .didat
Source: asw16fa03160b250d0c.tmp.3.dr, Static PE information: section name: _RDATA
Source: asw16db19f2c712734f.tmp.3.dr, Static PE information: section name: _RDATA
Source: asw2646ad6031aa5cea.tmp.3.dr, Static PE information: section name: .didat
Source: asw2646ad6031aa5cea.tmp.3.dr, Static PE information: section name: _RDATA
Source: asw4d28d15b57d50add.tmp.3.dr, Static PE information: section name: _RDATA
Source: gcapi.dll.10.dr, Static PE information: section name: .00cfg
Source: gcapi.dll.10.dr, Static PE information: section name: .voltbl
Source: gcapi.dll.10.dr, Static PE information: section name: malloc_h
Source: gcapi.dll.13.dr, Static PE information: section name: .00cfg
Source: gcapi.dll.13.dr, Static PE information: section name: .voltbl
Source: gcapi.dll.13.dr, Static PE information: section name: malloc_h
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_00621396 push ecx; ret 0_2_006213A9
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, Code function: 3_2_00007FF7E616873A push rsi; retf 0024h 3_2_00007FF7E616873B
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, Code function: 3_2_00007FF7E6168748 push rax; retf 0024h 3_2_00007FF7E6168749
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe, Code function: 7_2_00007FF6EF73873A push rsi; retf 0024h 7_2_00007FF6EF73873B
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe, Code function: 7_2_00007FF6EF738748 push rax; retf 0024h 7_2_00007FF6EF738749

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Microstub.exe, Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 0_2_0061A100
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\HTMLayout.dll (copy)
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw8caedf1760e6537e.tmp
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe, File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\instup_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.dll (copy)
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\avdump_x86_ais-a31.vpx
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\avdump_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswacc1d9fddf6660ef.tmp
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw5cca90484465b52b.tmp
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\HTMLayout.dll
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw16fa03160b250d0c.tmp
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\AvBugReport.exe (copy)
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw4d28d15b57d50add.tmp
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw16db19f2c712734f.tmp
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
Source: C:\Users\user\Desktop\Microstub.exe, File created: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\AvDump.exe (copy)
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw2646ad6031aa5cea.tmp
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\uat64.dll
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\avbugreport_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe (copy)
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\setgui_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\gcapi.dll
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.dll
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\sbr_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\sbr.exe (copy)
Source: C:\Users\Public\Documents\aswOfferTool.exe, File created: C:\Users\Public\Documents\gcapi.dll
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe (copy)
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\offertool_x64_ais-a31.vpx
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe, File created: C:\Windows\Temp\asw.65e28d24bc9dfc42\instcont_x64_ais-a31.vpx
Source: C:\Users\user\Desktop\Microstub.exe, Code function: 0_2_006152F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8, 0_2_006152F0

Boot Survival

Source: C:\Users\user\Desktop\Microstub.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u0_2_0061A100
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgrJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Microstub.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeSection loaded: OutputDebugStringW count: 140
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeSection loaded: OutputDebugStringW count: 121
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E62AA720 rdtsc 3_2_00007FF7E62AA720
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E617F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,3_2_00007FF7E617F560
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw4d28d15b57d50add.tmpJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\instup_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\AvDump.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw2646ad6031aa5cea.tmpJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\uat64.dllJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\avbugreport_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\setgui_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\avdump_x86_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\avdump_x64_ais-a31.vpxJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\sbr_x64_ais-a31.vpxJump to dropped file
Source: C:\Users\Public\Documents\aswOfferTool.exeDropped PE file which has not been started: C:\Users\Public\Documents\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\sbr.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswacc1d9fddf6660ef.tmpJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw5cca90484465b52b.tmpJump to dropped file
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\HTMLayout.dllJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw16fa03160b250d0c.tmpJump to dropped file
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\AvBugReport.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\Microstub.exe TID: 6400Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe TID: 7008Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe TID: 6992Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe TID: 1856Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Microstub.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_0061792C VirtualQuery,GetSystemInfo,0_2_0061792C
Source: Microstub.exe, 00000000.00000003.2332107056.0000000005289000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.1727246687.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332493535.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.2978288498.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332107056.000000000529E000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332493535.000000000528B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1767939255.0000025EF84C2000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2369130525.0000025EF84B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2369130525.0000025EF84C2000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2368464833.0000025EF34B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Microstub.exe, 00000000.00000003.2332551774.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000003.2332598625.00000000051F2000.00000004.00000020.00020000.00000000.sdmp, Microstub.exe, 00000000.00000002.2977480276.00000000051F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(*
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E616F480 GetCurrentProcess,CheckRemoteDebuggerPresent,NdrClientCall3,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,GetCurrentProcess,FlushInstructionCache,3_2_00007FF7E616F480
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E62AA720 rdtsc 3_2_00007FF7E62AA720
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E6292A90 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,LdrUnlockLoaderLock,3_2_00007FF7E6292A90
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_006210FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006210FF
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E62FDC30 GetLastError,IsDebuggerPresent,OutputDebugStringW,3_2_00007FF7E62FDC30
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E617F560 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,3_2_00007FF7E617F560
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00618130 LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00618130
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00627C5A mov eax, dword ptr fs:[00000030h]0_2_00627C5A
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_0061F080 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,0_2_0061F080
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_006210FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006210FF
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00621292 SetUnhandledExceptionFilter,0_2_00621292
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_006213AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_006213AB
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_00624476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00624476
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF71DE59100 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF71DE59100
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF71DE68660 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF71DE68660
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF71DE595CC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF71DE595CC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E617A470 GetModuleHandleW,GetProcAddress,GetCurrentThreadId,EnterCriticalSection,GetProcessHeap,HeapFree,LeaveCriticalSection,RtlAddVectoredExceptionHandler,SetErrorMode,VirtualQuery,GetModuleHandleW,GetModuleHandleW,RevertToSelf,3_2_00007FF7E617A470
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E617AA60 SetUnhandledExceptionFilter,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,3_2_00007FF7E617AA60
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E6311E34 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF7E6311E34
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E617AC50 GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,SetUnhandledExceptionFilter,3_2_00007FF7E617AC50
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E62FD2EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF7E62FD2EC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA114B74 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFDFA114B74
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FFDFA0D41F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFDFA0D41F8
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74A470 GetModuleHandleW,GetProcAddress,GetCurrentThreadId,EnterCriticalSection,GetProcessHeap,HeapFree,LeaveCriticalSection,RtlAddVectoredExceptionHandler,SetErrorMode,VirtualQuery,GetModuleHandleW,GetModuleHandleW,RevertToSelf,7_2_00007FF6EF74A470
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74AA60 SetUnhandledExceptionFilter,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,7_2_00007FF6EF74AA60
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8E1E34 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF6EF8E1E34
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF74AC50 GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,SetUnhandledExceptionFilter,7_2_00007FF6EF74AC50
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FF6EF8CD2EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF6EF8CD2EC
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AE4B74 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FFDF8AE4B74
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: 7_2_00007FFDF8AA41F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FFDF8AA41F8
Source: C:\Users\user\Desktop\Microstub.exeProcess created: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0dJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0dJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeProcess created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d /online_installerJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe "c:\windows\temp\asw.65e28d24bc9dfc42\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:c:\windows\temp\asw.d0a41a8c5e258f0d
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeProcess created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe "c:\windows\temp\asw.65e28d24bc9dfc42\new_180217d8\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:c:\windows\temp\asw.d0a41a8c5e258f0d /online_installer
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe "c:\windows\temp\asw.65e28d24bc9dfc42\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:c:\windows\temp\asw.d0a41a8c5e258f0dJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeProcess created: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe "c:\windows\temp\asw.65e28d24bc9dfc42\new_180217d8\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:c:\windows\temp\asw.d0a41a8c5e258f0d /online_installerJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: 3_2_00007FF7E62920E0 FreeSid,AllocateAndInitializeSid,DuplicateToken,CheckTokenMembership,FindCloseChangeNotification,GetLastError,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,CloseHandle,GetLastError,GetLastError,3_2_00007FF7E62920E0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UGetMonitorInfoWMonitorFromWindowUSER32.DLLWorkerWProgman%s KERNEL32.DLL
Source: C:\Users\user\Desktop\Microstub.exeCode function: 0_2_0062153D cpuid 0_2_0062153D
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: EnumSystemLocalesW,3_2_00007FF7E6323FF4
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: EnumSystemLocalesW,3_2_00007FF7E6329D98
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: EnumSystemLocalesW,3_2_00007FF7E6329E68
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_00007FF7E632A484
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: GetLocaleInfoW,3_2_00007FF7E63244D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,3_2_00007FF7E6329A48
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_00007FF7E632A2A8
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeCode function: GetLocaleInfoA,LeaveCriticalSection,3_2_00007FFDF9E57E67
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: EnumSystemLocalesW,7_2_00007FF6EF8F3FF4
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: EnumSystemLocalesW,7_2_00007FF6EF8F9E68
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: EnumSystemLocalesW,7_2_00007FF6EF8F9D98
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: GetLocaleInfoW,7_2_00007FF6EF8F44D0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_00007FF6EF8FA484
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,7_2_00007FF6EF8F9A48
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_00007FF6EF8FA2A8
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeCode function: GetLocaleInfoA,LeaveCriticalSection,7_2_00007FFDF8827E67
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Queries volume information: C:\Windows\Temp\asw.65e28d24bc9dfc42\servers.def.vpx VolumeInformation
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Microstub.exe Code function: 0_2_006141B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,0_2_006141B0
Source: C:\Users\user\Desktop\Microstub.exe Code function: 0_2_0061A100 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,0_2_0061A100
Source: C:\Users\user\Desktop\Microstub.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Code function: 3_2_00007FF7E616C04B __std_exception_destroy,__std_exception_destroy,__std_exception_destroy,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,Concurrency::cancel_current_task,3_2_00007FF7E616C04B
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe Code function: 3_2_00007FF7E616D1C0 RemoveVectoredExceptionHandler,SetEvent,GetCurrentThreadId,RpcBindingFree,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,3_2_00007FF7E616D1C0
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Code function: 7_2_00007FF6EF73C04B __std_exception_destroy,__std_exception_destroy,__std_exception_destroy,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,Concurrency::cancel_current_task,7_2_00007FF6EF73C04B
Source: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe Code function: 7_2_00007FF6EF73D1C0 RemoveVectoredExceptionHandler,SetEvent,GetCurrentThreadId,RpcBindingFree,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,7_2_00007FF6EF73D1C0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Network Sniffing | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 2 Obfuscated Files or Information | 11 Input Capture | 2 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 1 Network Sniffing | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Bootkit | 12 Process Injection | 1 DLL Search Order Hijacking | NTDS | 56 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 23 Virtualization/Sandbox Evasion | Cached Domain Credentials | 271 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | 23 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Bootkit | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Figure: Behavior Graph. ID: 1408633; Sample: Microstub.exe; Startdate: 13/03/2024; Architecture: WINDOWS; Score: 48. Process chain: Microstub.exe -> avast_free_antivirus_setup_online_x64.exe -> Instup.exe -> instup.exe -> aswOfferTool.exe]

Source | Detection | Scanner | Label | Link
Microstub.exe | 4% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\Public\Documents\aswOfferTool.exe | 0% | ReversingLabs | |
C:\Users\Public\Documents\gcapi.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\HTMLayout.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\AvBugReport.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\AvDump.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\HTMLayout.dll (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw16db19f2c712734f.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw16fa03160b250d0c.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw2646ad6031aa5cea.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw4d28d15b57d50add.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw5cca90484465b52b.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\asw8caedf1760e6537e.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswacc1d9fddf6660ef.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\gcapi.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.dll (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\sbr.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\avbugreport_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\avdump_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\avdump_x86_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\instcont_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\instup_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\offertool_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\sbr_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\setgui_x64_ais-a31.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.65e28d24bc9dfc42\uat64.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
http://www.avast.com0/ | 0% | URL Reputation | safe |
http://keys.backup.norton.comLO.3120accountkeysCCT | 0% | Avira URL Cloud | safe |
https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exe | 0% | Avira URL Cloud | safe |
http://www.founder.com.cn/cn | 0% | Avira URL Cloud | safe |
https://pair.ff.avast.comdlernstcn | 0% | Avira URL Cloud | safe |
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://submit5.avast.com/cgi-bin/submit50.cgiyvcHRInstup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://n2833777.vps18tiny.u.avcdn.net/vps18tiny#Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://analytics.avcdn.net:443/v4/receive/json/70pavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1768361758.0000025EF34C0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1758939203.0000025EF34C0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.2977670893.0000025EF34C0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1986351113.0000025EF34B7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1986831196.0000025EF34BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exe5Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeAInstup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://s1843811.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://n8283613.iavs5x.u.avast.com/iavs5xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://r4427608.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://submit5.avast.com/cgi-bin/submit50.cgiMInstup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://y8002308.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeeInstup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://p9854759.vpsnitrotiny.u.avast.com/vpsnitrotiny37:1Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://n8283613.vpsnitro.u.avast.com/vpsnitroavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://submit5.avast.com/cgi-bin/submit50.cgiVInstup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi0hJHInstup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://j0294597.iavs9x.u.avast.com/iavs9xcgiyInstup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://submit5.avast.com/cgi-bin/submit50.cgibInstup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinynQiOiJInstup.exe, 00000003.00000002.2983225325.0000021D48532000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://f3461309.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://keys.backup.norton.comavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi_;Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://m0658849.iavs5x.u.avast.com/iavs5xtroInstup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://www.avast.com0/avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF98B1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1765008059.0000025EF8630000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766536925.0000025EF9C11000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1841543872.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1912769456.0000021D4908E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1916638513.0000021D49086000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1922019885.0000021D49F50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1925538553.0000021D49084000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913541020.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898819355.0000021D49080000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1917423639.0000021D4908B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1915519320.0000021D48881000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1914929796.0000021D49082000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910850290.0000021D491FF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983852176.0000021D48880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1832939157.0000021D48A03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://support.avast.com/issue_detailstatus_imgredlevelyellowbluehintadditionaldescriptionissue_actavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1774919410.0000025EF93F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1887749625.0000021D49FE2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://d3176133.ivps9tiny.u.avast.com/ivps9tinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://p9854759.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D484E7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://sm00.avast.com/cgi-bin/iavsup2.cgiavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1754640907.0000025EF84D0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1766877261.0000025EF8521000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848873427.0000021D487AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840489074.0000021D48785000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1896609147.0000021D487AC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983051873.0000021D48480000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48762000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D47A16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2980809708.0000021D4796F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840462796.0000021D4879E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinysVInstup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://n8283613.ivps9tiny.u.avast.com/ivps9tinylInstup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://submit5.avast.com/cgi-bin/submit50.cgiy2Instup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.2983670045.0000021D48723000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://g1928587.iavs5x.u.avast.com/iavs5xhInstup.exe, 00000003.00000003.1896707913.0000021D48735000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1840531337.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1913839159.0000021D48734000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1848972102.0000021D48734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
34.117.223.223 | analytics-prod-gcp.ff.avast.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
34.160.176.28 | shepherd-gcp.ff.avast.com | United States | 2686 | ATGS-MMD-ASUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1408633
Start date and time: 2024-03-13 21:33:02 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Microstub.exe
Detection: MAL
Classification: mal48.troj.evad.winEXE@16/60@84/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 142.251.40.142, 23.55.243.199, 23.55.243.200, 23.199.49.64, 23.55.243.212, 23.55.243.208, 142.250.80.72
                                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): u4.avcdn.net.edgesuite.net, fs.microsoft.com, slscr.update.microsoft.com, e9229.dscd.akamaiedge.net, ctldl.windowsupdate.com, a117.dscd.akamai.net, iavs9x4.u.avcdn.net.edgesuite.net, fe3cr.delivery.mp.microsoft.com, a27.dscd.akamai.net, ssl.google-analytics.com, fallbackupdates.avcdn.net.edgekey.net, ocsp.digicert.com, www.google-analytics.com
                                                                                                                                                                                                                                            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                            • VT rate limit hit for: Microstub.exe
Time | Type | Description
21:33:58 | API Interceptor | 2x Sleep call for process: Microstub.exe modified
21:34:02 | API Interceptor | 1x Sleep call for process: avast_free_antivirus_setup_online_x64.exe modified
21:34:05 | API Interceptor | 1x Sleep call for process: Instup.exe modified
21:34:21 | API Interceptor | 5x Sleep call for process: instup.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                • 34.149.87.45
                                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                74954a0c86284d0d6e1c4efefe92b521J-JeremieKarg-78462.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                J-JeremieKarg-78462.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                PostalOffice.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                PERSPICIATISM.imgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                systemtest-standalone-10.12.3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                systemtest-standalone-10.12.3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                erg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                erg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                erg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                erg.exeGet hashmaliciousTrap StealerBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                a0e9f5d64349fb13191bc781f81f42e1SecuriteInfo.com.Win64.DropperX-gen.10232.23831.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                wps32.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                wps32.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                paper7287-12-march-2024.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                file.exeGet hashmaliciousPureLog Stealer, RisePro Stealer, zgRATBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                nzGgfP8vN3.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                conditional_order.cmdGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                                                                                                                                                                • 34.117.223.223
                                                                                                                                                                                                                                                                • 34.160.176.28
                                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                C:\Users\Public\Documents\gcapi.dll_.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        ATT00001.htmGet hashmaliciousUnknownBrowse
Process: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
File Type: Unicode text, UTF-8 (with BOM) text, with very long lines (472), with CRLF line terminators
Category: modified
Size (bytes): 50103
Entropy (8bit): 5.193273458610015
Encrypted: false
SSDEEP: 768:ittzxK0vf2BZKuktSyVbTT0DLMKyxMEuIe:gtNR9ERP
MD5: 29ECADAB478F6407BE93310C4CDADDC4
SHA1: 7CFAC05880FDBDEC0196A9E78674B7BA7EF72E6D
SHA-256: C962DE3C8076B21615FA7E4309E0A59CCB02AC0FA27D5685AA0BC81F87381F12
SHA-512: 54015A84A6F2D125F5A2211A9004E7963E7D0617DEFE5AB15100CA834B3E4029420D8B001F8285EC0872D39B3F11B14622E91020ACD1FCD88FC5286C208AE86E
Malicious: false
Reputation: low
Preview: .[2024-03-13 20:33:58.958] [info ] [sfxinst ] [ 6608: 6624] [C092BD: 958] --..[2024-03-13 20:33:58.958] [info ] [sfxinst ] [ 6608: 6624] [C092BD: 959] START: Avast SFX stub executable..[2024-03-13 20:33:58.958] [info ] [sfxinst ] [ 6608: 6624] [C092BD: 256] Entering SFX stub guarded code section...[2024-03-13 20:33:59.036] [info ] [sfxinst ] [ 6608: 6624] [C092BD: 371] Running SFX 'C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe'..[2024-03-13 20:34:01.989] [notice ] [burger_rep ] [ 6608: 6956] [464414: 66] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70...[2024-03-13 20:34:02.630] [info ] [sfxstats ] [ 6608: 6960] [01E889: 149] Statistics sent successfully...[2024-03-13 20:34:33.342] [info ] [sfxinst ] [ 6608: 6624] [C092BD: 882] Starting installer/updater executable 'C:\Windows\Temp\asw.65e28d24bc9dfc42\instup.exe'..[2024-03-13 20:34:03.999] [info ] [instcont ] [ 4008: 3

Process: C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
File Type: Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 281
Entropy (8bit): 4.618553609931452
Encrypted: false
SSDEEP: 6:s4/OhOVkRNg3IKw6B6TjyhKSL/Oy9XNg3IKw6B6Tjy3:s4/QOee16qhKSL/V9Xe16q3
MD5: E4C31F0EA13558CC27B00BDD535260EA
SHA1: 34024B7EE15A7623D142C7B5A3F8B9D48449A882
SHA-256: BE8B148E94019B4F3734E08CF02B3DB0F55FA0905B89126122B83079B0258849
SHA-512: 916B0517165A875742655BE8FC38279C20002054342610C243D285BF5D7AADDA4873B241C18379645D0E9226925918C1453A8FF8298A6D7AC836BD71066825FB
Malicious: false
Reputation: low
Preview: .[2024-03-13 20:34:37.180] [info ] [burger ] [ 4008: 3120] [8742F6: 55] Storage path was not set so neither stored events are read...[2024-03-13 20:34:53.536] [info ] [burger ] [ 2088: 3716] [8742F6: 55] Storage path was not set so neither stored events are read...

Process: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2412488
Entropy (8bit): 6.788946530999311
Encrypted: false
SSDEEP: 49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
MD5: 5A74306235AE537F426B84E2DCD48AFA
SHA1: D896E30028659BAB78FD183ABCF5E4A4EA2D324E
SHA-256: 856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
SHA-512: 91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: low
                                                                                                                                                                                                                                                                          Process:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):888600
                                                                                                                                                                                                                                                                          Entropy (8bit):6.799400661071435
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                                                                                                                          MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                                                                                                                          SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                                                                                                                          SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                                                                                                                          SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                          • Filename: _.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: _.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: _.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: _.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: ATT00001.htm, Detection: malicious
                                                                                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4159384
                                                                                                                                                                                                                                                                          Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                          MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                          SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                          SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                          SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):18940824
                                                                                                                                                                                                                                                                          Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                          MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                          SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                          SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                          SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3902920
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                          MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                          SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                          SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                          SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4995480
                                                                                                                                                                                                                                                                          Entropy (8bit):6.513466309572837
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:YMLfHhldPFjnwlNPzJrpxX5lPuf20I9qhXWYu7/5S6tvI3Et12IC8ztW96BuBAVj:arJv5FidWYC57tTsiV6ltkb0Dldq
                                                                                                                                                                                                                                                                          MD5:32D3AF2566FD2934E2E222686FAD38F6
                                                                                                                                                                                                                                                                          SHA1:D94B1E6B69DFBD4AA558FFF286E8A49C5E9FBDC9
                                                                                                                                                                                                                                                                          SHA-256:7D4E79BDDAD1A5484FE1BAC786EF5A9A451A8FD60519D60D1D40B6B22BC325BF
                                                                                                                                                                                                                                                                          SHA-512:86ADDFF38C283FBFFC417FC64F0A3AEF3CA2902956E3FA990876C7ED5432BB8C098C823F13D9CB4B0E0705FBBAAF65970AC27580255E4D4BFDAA6B7B004009AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3553688
                                                                                                                                                                                                                                                                          Entropy (8bit):6.472585130149831
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:W6qW6MWNsVp478L0GYoCgTvgaA1gzHBxBUPpljXp2swtTt2HsK17kyFxA+0zGycw:WDWXvk1JMtJe63
                                                                                                                                                                                                                                                                          MD5:A9A99325FC3F0E14A2FC9C41DEDB8C8F
                                                                                                                                                                                                                                                                          SHA1:869B846466552756EAB5D30D9022F2A08BB93E12
                                                                                                                                                                                                                                                                          SHA-256:8043322E2A1F6A9DEAB38D0748449E32805CFBF9C439621900F6174526586729
                                                                                                                                                                                                                                                                          SHA-512:9FB6CC535852CF87D8C632308AACF8ABB449061C63FC41D43411D0D651BCAD26416D6D2F3E603F764DAA3927B4F8547EBC64B5BBFCD183FAA674F8A33D832CDE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4159384
                                                                                                                                                                                                                                                                          Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                          MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                          SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                          SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                          SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3902920
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                          MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                          SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                          SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                          SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3553688
                                                                                                                                                                                                                                                                          Entropy (8bit):6.472585130149831
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:W6qW6MWNsVp478L0GYoCgTvgaA1gzHBxBUPpljXp2swtTt2HsK17kyFxA+0zGycw:WDWXvk1JMtJe63
                                                                                                                                                                                                                                                                          MD5:A9A99325FC3F0E14A2FC9C41DEDB8C8F
                                                                                                                                                                                                                                                                          SHA1:869B846466552756EAB5D30D9022F2A08BB93E12
                                                                                                                                                                                                                                                                          SHA-256:8043322E2A1F6A9DEAB38D0748449E32805CFBF9C439621900F6174526586729
                                                                                                                                                                                                                                                                          SHA-512:9FB6CC535852CF87D8C632308AACF8ABB449061C63FC41D43411D0D651BCAD26416D6D2F3E603F764DAA3927B4F8547EBC64B5BBFCD183FAA674F8A33D832CDE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):18940824
                                                                                                                                                                                                                                                                          Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                          MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                          SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                          SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                          SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4159384
                                                                                                                                                                                                                                                                          Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                          MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                          SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                          SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                          SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4995480
                                                                                                                                                                                                                                                                          Entropy (8bit):6.513466309572837
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:YMLfHhldPFjnwlNPzJrpxX5lPuf20I9qhXWYu7/5S6tvI3Et12IC8ztW96BuBAVj:arJv5FidWYC57tTsiV6ltkb0Dldq
                                                                                                                                                                                                                                                                          MD5:32D3AF2566FD2934E2E222686FAD38F6
                                                                                                                                                                                                                                                                          SHA1:D94B1E6B69DFBD4AA558FFF286E8A49C5E9FBDC9
                                                                                                                                                                                                                                                                          SHA-256:7D4E79BDDAD1A5484FE1BAC786EF5A9A451A8FD60519D60D1D40B6B22BC325BF
                                                                                                                                                                                                                                                                          SHA-512:86ADDFF38C283FBFFC417FC64F0A3AEF3CA2902956E3FA990876C7ED5432BB8C098C823F13D9CB4B0E0705FBBAAF65970AC27580255E4D4BFDAA6B7B004009AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2412488
                                                                                                                                                                                                                                                                          Entropy (8bit):6.788946530999311
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
                                                                                                                                                                                                                                                                          MD5:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                          SHA1:D896E30028659BAB78FD183ABCF5E4A4EA2D324E
                                                                                                                                                                                                                                                                          SHA-256:856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
                                                                                                                                                                                                                                                                          SHA-512:91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2412488
                                                                                                                                                                                                                                                                          Entropy (8bit):6.788946530999311
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
                                                                                                                                                                                                                                                                          MD5:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                          SHA1:D896E30028659BAB78FD183ABCF5E4A4EA2D324E
                                                                                                                                                                                                                                                                          SHA-256:856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
                                                                                                                                                                                                                                                                          SHA-512:91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.64820412968221
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:GxaZ9QMb3KiVm+JmADIYiWoYrAM+o/8E9VF0NygP:GYZ9nbhJmhYiAAMxkE
                                                                                                                                                                                                                                                                          MD5:38F073F181FD2668EE160AE83B9D8BB9
                                                                                                                                                                                                                                                                          SHA1:1A77C8F984EFCD95CA0DC0EB2A14900671944B3C
                                                                                                                                                                                                                                                                          SHA-256:8B38E98F961512F8013142805706ADD8E1559B201AA471C35A04EBE71A530B0F
                                                                                                                                                                                                                                                                          SHA-512:CBCF332330CE71EDD3C3C84F50F77E282807E246513C6061584F33B7D3AF4AB87331F5E9227C9E7A3A0BE2435CAA242D4C7442400249C998354D610C340F14D9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):888600
                                                                                                                                                                                                                                                                          Entropy (8bit):6.799400661071435
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                                                                                                                          MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                                                                                                                          SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                                                                                                                          SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                                                                                                                          SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):18940824
                                                                                                                                                                                                                                                                          Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                          MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                          SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                          SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                          SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3902920
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                          MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                          SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                          SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                          SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.64820412968221
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:GxaZ9QMb3KiVm+JmADIYiWoYrAM+o/8E9VF0NygP:GYZ9nbhJmhYiAAMxkE
                                                                                                                                                                                                                                                                          MD5:38F073F181FD2668EE160AE83B9D8BB9
                                                                                                                                                                                                                                                                          SHA1:1A77C8F984EFCD95CA0DC0EB2A14900671944B3C
                                                                                                                                                                                                                                                                          SHA-256:8B38E98F961512F8013142805706ADD8E1559B201AA471C35A04EBE71A530B0F
                                                                                                                                                                                                                                                                          SHA-512:CBCF332330CE71EDD3C3C84F50F77E282807E246513C6061584F33B7D3AF4AB87331F5E9227C9E7A3A0BE2435CAA242D4C7442400249C998354D610C340F14D9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2523664094525224
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                                                                                                                                                                                          MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                                                                                                                                          SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                                                                                                                                          SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                                                                                                                                          SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (617), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                          Entropy (8bit):5.126740403514931
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:lcqaG0R/quPv2T3McqGry/lTKFeuN9XJ0jO:lVavHOpry/lTK4uNbmO
                                                                                                                                                                                                                                                                          MD5:78D6727BD36563B2CA268CDCD6ABE278
                                                                                                                                                                                                                                                                          SHA1:F175F0B27EFBFC065231CA3C8D599C5C8DA9F79B
                                                                                                                                                                                                                                                                          SHA-256:54B2F29FE7A3E49A768FFEE8B9ED01DD1FA17F8B6511A4F28535BF0259A5946C
                                                                                                                                                                                                                                                                          SHA-512:C303E25FAC7317E9A3C570F07ED9B7714B7A34DC9B2D61E39209D99D65ECCFFEFEC6D6DB40EEC2A52F8A70E6C50275376F02958199A7FE36B8DE80B1AA2BBDA4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...[Shepherd]..ABTests=62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_release-20-percent-userbase_version-18.6-and-higher_production_quic-sni-block-release_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_versions-older-than-23.1_opening-browser-onboarding_old-smartscan_usa_ipm_6513_open_ui_b_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-a547bb4fa92a6a7ac70d90e6800fdce3c79b1800664cea838d88ef2e683a52f3..ConfigVersion=4916..LastUpdate=1710362077..NextUpdate=1710450501..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):29421
                                                                                                                                                                                                                                                                          Entropy (8bit):5.879150436784093
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:D7rV0hjbpPbNH3V2g0JigYwTTPUxoBDDTrn1OCsXhxvFr7qz9PMpmlfQXDAIvoqx:bVWZbwJiCMxSTr14xJcBMpyIvosttx
                                                                                                                                                                                                                                                                          MD5:8A21B9FE1768339994EDB0339E20097B
                                                                                                                                                                                                                                                                          SHA1:CB71750D81C963A6571EC9E07A035EA5518F68F0
                                                                                                                                                                                                                                                                          SHA-256:FB8FDEFD0C23311E4B9237ADC5D6BA844B08095E0B587556E29837A758DF1EF0
                                                                                                                                                                                                                                                                          SHA-512:AE8DE91AE1C2D38D1F666CE87701A7599DF235FF7ED56BFF6C3881E3DC9DB6BCC86C342DAA15EAA7704E43D89FD61C7032FDADF4A52B0AC1F145E9C8A656117E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkipp
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1431), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1743
                                                                                                                                                                                                                                                                          Entropy (8bit):4.984145813312979
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TUcSR/aG0U/nlzrQlK8PH5CgAG8obqyRW4/uzOfbzy1J/UQwqUTKFZYbjpuzO:TURtay6K8RCgB8wqwL7y1ZUQwqUTKWsO
                                                                                                                                                                                                                                                                          MD5:E714FE0F0F30ADC769442A1BB5714A5D
                                                                                                                                                                                                                                                                          SHA1:778BCCB27AF4B8738323F302FADF6F449FEB8992
                                                                                                                                                                                                                                                                          SHA-256:A9CA3D84E5862F6996389F7387C89AB757E3A940F71CDC0DC36379B1A154904D
                                                                                                                                                                                                                                                                          SHA-512:DF0CB9A773F88CF51868BB43349DD6569F191ED4F9F53DC45D31AB32645C1B73E5D743EC7EC6C735A3E2370011601BD126B680000C213C3DD0645312ED53D434
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...[Shepherd]..ABTests=19fa92d7-cec3-489b-9f86-f88a9780902e:A,62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,f269135a-abf6-41df-a90a-13b411c26efa:A,oa-7466-v0:b,oa-7675:a,oa-7794-fake:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_release-20-percent-userbase_webshield-tls-processes---stage-1_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_hide-att-url-params_webshield.quic.block---fraction-test-setup_quic-sni-block-release_quic-on_versions--22.1-and-higher_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_noomnianda1_smartscanfreetrail_smartscan-free---antivirus---win10
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32860
                                                                                                                                                                                                                                                                          Entropy (8bit):5.866591701830731
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:B01bebwJin7ruSDdxG4xJcBMp7IvoL5v7:q1Sb4yHHF
                                                                                                                                                                                                                                                                          MD5:6D2F1E977F02EA08AC4487CE17CF4073
                                                                                                                                                                                                                                                                          SHA1:1633936BC5BFC2DDFD3EEE1165D27486187BCBEB
                                                                                                                                                                                                                                                                          SHA-256:CE864B455A6D52B37AC44CC479DDCFC0F2B6199D710FDE6CA7260D852425557E
                                                                                                                                                                                                                                                                          SHA-512:4BDF041DABF9CF787FD4634037FA077C78451F9C7152D03A13294E0D081D999155CCA867EEFE655A3746D5D9E5FEFD9E8B21CA475E2B0FD501CFC084B5CB2010
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[Offers.SecureBrowser]..ShowInIntro=1..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_cmp_webrep=3..ais_cmp_webrep_ie=3..ais_cmp_webrep_x64=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..Lice
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4995480
                                                                                                                                                                                                                                                                          Entropy (8bit):6.513466309572837
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:YMLfHhldPFjnwlNPzJrpxX5lPuf20I9qhXWYu7/5S6tvI3Et12IC8ztW96BuBAVj:arJv5FidWYC57tTsiV6ltkb0Dldq
                                                                                                                                                                                                                                                                          MD5:32D3AF2566FD2934E2E222686FAD38F6
                                                                                                                                                                                                                                                                          SHA1:D94B1E6B69DFBD4AA558FFF286E8A49C5E9FBDC9
                                                                                                                                                                                                                                                                          SHA-256:7D4E79BDDAD1A5484FE1BAC786EF5A9A451A8FD60519D60D1D40B6B22BC325BF
                                                                                                                                                                                                                                                                          SHA-512:86ADDFF38C283FBFFC417FC64F0A3AEF3CA2902956E3FA990876C7ED5432BB8C098C823F13D9CB4B0E0705FBBAAF65970AC27580255E4D4BFDAA6B7B004009AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......rKI.6*'.6*'.6*'..X"..*'.0...:*'.0.#.%*'..^".?*'.0.".A*'.0.$.$*'..X$.&*'.?R..4*'.D#.0*'.`_#.*'.6*'.;*'.`_"..*'.._#.7*'..X#..*'..X&..*'.6*&.j('.\...k+'.\.'.7*'.\...7*'.6*..4*'.\.%.7*'.Rich6*'.................PE..d...9M.e.........."....&..2..........n.........@..............................M.....-.M...`...........................................A.......A.,.....L.......J..[..H.L.P)....L.@j....:.......................:.(...p.:.@.............2..............................text.....2.......2................. ..`.rdata..0.....2.......2.............@..@.data.........A..j....A.............@....pdata...[....J..\...>I.............@..@_RDATA.......pL.......K.............@..@.rsrc.........L.......K.............@..@.reloc..@j....L..l....K.............@..B........................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3553688
                                                                                                                                                                                                                                                                          Entropy (8bit):6.472585130149831
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:W6qW6MWNsVp478L0GYoCgTvgaA1gzHBxBUPpljXp2swtTt2HsK17kyFxA+0zGycw:WDWXvk1JMtJe63
                                                                                                                                                                                                                                                                          MD5:A9A99325FC3F0E14A2FC9C41DEDB8C8F
                                                                                                                                                                                                                                                                          SHA1:869B846466552756EAB5D30D9022F2A08BB93E12
                                                                                                                                                                                                                                                                          SHA-256:8043322E2A1F6A9DEAB38D0748449E32805CFBF9C439621900F6174526586729
                                                                                                                                                                                                                                                                          SHA-512:9FB6CC535852CF87D8C632308AACF8ABB449061C63FC41D43411D0D651BCAD26416D6D2F3E603F764DAA3927B4F8547EBC64B5BBFCD183FAA674F8A33D832CDE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3300760
                                                                                                                                                                                                                                                                          Entropy (8bit):6.599594150950671
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:7ZeFkAI0+Smz3ZOl6F5KJERCq3fECY/j6EEf2ELKgvgpUFuoI+Vzy1AyfSmYKYoV:tDAI0+S03WpGRT3fECY/j9Vx
                                                                                                                                                                                                                                                                          MD5:19C867597DB18F12A432B18910D0254A
                                                                                                                                                                                                                                                                          SHA1:C46E49567B58BCD6DFF28A74F6C826822BEDA51A
                                                                                                                                                                                                                                                                          SHA-256:6634705902AB86BFC02C28028D9C67648E36F9CB5389DB6F2EAC2690C71F3214
                                                                                                                                                                                                                                                                          SHA-512:258CA738F1DBD076C67C4E155DC0A0B6A45DE700D017F2196D51D1021BA6AC790EC5B4FCE71F881629AE713CB563A1ED27E8463A6F5ECBF83DBFC863ED4F34CF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):28907
                                                                                                                                                                                                                                                                          Entropy (8bit):5.879432259360809
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:DqiV0hjbpPbNHRV2g0JigYwrTUoBDVQrZ1ONsXhxvFr7qz9PMmlfQXDSbvoqZtPa:HVWZbmJiQU2QrrbxJcBMEbvoktPa
                                                                                                                                                                                                                                                                          MD5:9EC99EB75C9259A7B519D30D19180F42
                                                                                                                                                                                                                                                                          SHA1:4F8B0B3F0E67993B04FECED1192302310E0576DB
                                                                                                                                                                                                                                                                          SHA-256:9601CB9020858512BCAD51151397560B7C07D1E7B746303A7CB4A39C59EC6862
                                                                                                                                                                                                                                                                          SHA-512:D1527F780759B10789D7A93212B9A8AEEF12CB887A4AC9E0413B79E3621D7F89AF6CAAC65BE96E77A95CA5A24EFF7A848FF78DABD3F77E100427FE155E79156A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_bpc=0..ais_cmp_fw=2..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkippedDomains=whatsapp.
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9923
                                                                                                                                                                                                                                                                          Entropy (8bit):7.980596399921627
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:pElGwtm0LxNIpU5WPtLydIQRclnfsuHgVpE9oOvPyUftlV49zofHhIsPo1KjM:pEYardKpUMP4RykuHgVpEb6UHVOzqHVY
                                                                                                                                                                                                                                                                          MD5:D0DE8F3E318B15ECA372C3A821D7E348
                                                                                                                                                                                                                                                                          SHA1:CF3CD77ADB84390948F800E4B2651CBAFE59C2D1
                                                                                                                                                                                                                                                                          SHA-256:370885691F2506F0A44E94C989A385AC91D8B6A1D900BA22C6753C9A6E826AFD
                                                                                                                                                                                                                                                                          SHA-512:BA3AF2873A6248BFAC13050602B6DEA46E3B275EB8065FCD2589B704D180A5ADB7FE965653A1BE8840318B40E7D685349B5E0F618CE1E8098641730896970412
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (617), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                          Entropy (8bit):5.126740403514931
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:lcqaG0R/quPv2T3McqGry/lTKFeuN9XJ0jO:lVavHOpry/lTK4uNbmO
                                                                                                                                                                                                                                                                          MD5:78D6727BD36563B2CA268CDCD6ABE278
                                                                                                                                                                                                                                                                          SHA1:F175F0B27EFBFC065231CA3C8D599C5C8DA9F79B
                                                                                                                                                                                                                                                                          SHA-256:54B2F29FE7A3E49A768FFEE8B9ED01DD1FA17F8B6511A4F28535BF0259A5946C
                                                                                                                                                                                                                                                                          SHA-512:C303E25FAC7317E9A3C570F07ED9B7714B7A34DC9B2D61E39209D99D65ECCFFEFEC6D6DB40EEC2A52F8A70E6C50275376F02958199A7FE36B8DE80B1AA2BBDA4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...[Shepherd]..ABTests=62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_release-20-percent-userbase_version-18.6-and-higher_production_quic-sni-block-release_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_versions-older-than-23.1_opening-browser-onboarding_old-smartscan_usa_ipm_6513_open_ui_b_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-a547bb4fa92a6a7ac70d90e6800fdce3c79b1800664cea838d88ef2e683a52f3..ConfigVersion=4916..LastUpdate=1710362077..NextUpdate=1710450501..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3902920
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4457166076890156
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:Qn1m5djOp3gPNZIavZIfh2oK3d9bgl+pPS4q1MpTYBdWA1fV92LJdjlSf8go4vdv:2mnN9jd9+Tff2M
                                                                                                                                                                                                                                                                          MD5:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                          SHA1:3A01CD29C29FB0551ECFD831CE7D7F759C22026E
                                                                                                                                                                                                                                                                          SHA-256:7CE3272268ADEC6442A36934894CA19E4916502748E8347FD3B2F66535D1C0E9
                                                                                                                                                                                                                                                                          SHA-512:AF9F9BF8F937DB69CF2B3B0AFEFC7005FDDB2F1CE405B2A04EDDA1A65A25E42E45916B450329EB463ED17A0E815816F2CF7EE66059AE8B2BD51DC27BCE3C0909
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):18940824
                                                                                                                                                                                                                                                                          Entropy (8bit):6.453823235860475
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:393216:aNtsX/GV0VBKrcqa7pKjgJMCatC34lQuIA04vClrQkpA1:aNtSqoBMCn3sJ
                                                                                                                                                                                                                                                                          MD5:ACF0AB6B59EEC2FE550DE1882674C740
                                                                                                                                                                                                                                                                          SHA1:F62610B5F8ADF7AD05F03E30E927206EED8978A7
                                                                                                                                                                                                                                                                          SHA-256:5363CEFB3C2ABB55222887589E87C1235A533FB9601A9E12A027A4A5E56DCCB1
                                                                                                                                                                                                                                                                          SHA-512:9F3D9F45008A7B44C3F4FAC219BF64D5DE71B1421010613BAE50EBCB8D3149951F1CC6F2586E7B289C33CDCFF628DCBBFF0969D368D354C1849E1D31D48B3C0D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2412488
                                                                                                                                                                                                                                                                          Entropy (8bit):6.788946530999311
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:3ue9ZggggMiD3stKPnAnxrTfyAvAfAAEV1rnFTZT0krlGW+Fj:/VAwnAncAo7ELxTZT0krgF
                                                                                                                                                                                                                                                                          MD5:5A74306235AE537F426B84E2DCD48AFA
                                                                                                                                                                                                                                                                          SHA1:D896E30028659BAB78FD183ABCF5E4A4EA2D324E
                                                                                                                                                                                                                                                                          SHA-256:856C30C59588B934BAB3A049818812BD654F231A45F7299D5C9D697E831C90E0
                                                                                                                                                                                                                                                                          SHA-512:91E3FF5EB298526CE3FDCE4442F610A609FC9F35B1059C819DB0297506608BBD64A48E41CFE723813D61B659CEF54394001706AA0DEAC550FCC3595A55E36474
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):697
                                                                                                                                                                                                                                                                          Entropy (8bit):7.558417002159782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:I7Tjui3yY3GcCdvTtI0eNT/QdqTibcHqkG2cGk3r8T0MGr6HZJSPRLuegY41KlPK:UTjKY3NCPI0IT6qvGNGk3rlVywFP41+i
                                                                                                                                                                                                                                                                          MD5:BF29642063BDB0E6D2CE1275486D834A
                                                                                                                                                                                                                                                                          SHA1:AD7CF97C43E60714CAC84AB03142948892086839
                                                                                                                                                                                                                                                                          SHA-256:2C652381CB6FDA9336E08677C325D6DEB50AD00CC3AD543E7AEBEB1FB2CF0B23
                                                                                                                                                                                                                                                                          SHA-512:F1845D8042252A00ECB0619CF7D6B740B1DAD31A6570915FF0C69B953201A361E2534016E6C570DFF0F81AAE6E8BF656509BBB5FEA895C1925ABD07C4D4DF46E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):211
                                                                                                                                                                                                                                                                          Entropy (8bit):6.82095977908995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Do/QuV7sBVIj+1q7TYI/ywBK/gUNB+8Rl4rEKZ4gn:MQuSC+gYCywEZRirE04gn
                                                                                                                                                                                                                                                                          MD5:EBBF83D0C91280A0F82708A0F42D4489
                                                                                                                                                                                                                                                                          SHA1:3A6CBE7580735C038CA28DA63515A30B26D36014
                                                                                                                                                                                                                                                                          SHA-256:A621744C13E67B489D066AF58F6FC93B20AD01397E81199B36E52F2964B44084
                                                                                                                                                                                                                                                                          SHA-512:2CA67E98A22545C679FB4E413392F68AE7B76DC46A8AC0CCF6D714F5D88A63BF6DB9FD2F2DAFB1DF1FB3FB5A0F583913170C6772431E56AAC0538552DDCC90FB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):75738
                                                                                                                                                                                                                                                                          Entropy (8bit):7.9978317410441795
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:A5NHYD3OyZkiynQcVuoRwH1K6iTgPrKkTOkrTJSh8Ex+/ta:A5NHYDeYSuoRM1niTg+kT9FU8Eia
                                                                                                                                                                                                                                                                          MD5:6C71D4CE25D27A10827D436B272688FC
                                                                                                                                                                                                                                                                          SHA1:B871397B5BA78A13804A7FB1160A425ED408E3DE
                                                                                                                                                                                                                                                                          SHA-256:ADB39BC4BD2BFB7BF08F6C7F746BA392274D3BB89B561504A301A540D821DC44
                                                                                                                                                                                                                                                                          SHA-512:5C7CDEC279BBD657FDF88710602D548588D38E475E8FEA60B1A23366BE69CE90A65D4F311CF491A314EE58317B6D34D464333B4A55009069F1129C06954E57B2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4397
                                                                                                                                                                                                                                                                          Entropy (8bit):7.953199557337158
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:icRM59JIs3NdqkiJsVt05btsS1bSlv1/Zi0ulQuxQ5LIXGwcJHUYn:ickWUNdqH4t05JsSF81IlYLI2vHUK
                                                                                                                                                                                                                                                                          MD5:097D0EABD44E9BAF473C81819C3EC55B
                                                                                                                                                                                                                                                                          SHA1:BC2A92474BBDB4EDAF14C1C190B825EB6193EB48
                                                                                                                                                                                                                                                                          SHA-256:8698EDB56EA12329BD42D79E1E2FAF6CC9414DE598CF88F65408A01CE95E5011
                                                                                                                                                                                                                                                                          SHA-512:995041F9FC774BFC764E6CE4529F49BCAE367CDB229F582E8CD5E6AF352BF729CFE6F686379710B7AD3A74EFF703CBB5FEDE8B3639AFD2FBD2929269DFBD9727
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11984
                                                                                                                                                                                                                                                                          Entropy (8bit):7.972915435409775
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:LCqzYVh4XXTCrVLp2szo5KFoHpt1o44xmEtNUhsCarKp5K64Tljrz87gCGGmi25/:LIKWJrZ2v1o/jtKE5645jv871RmhuKYk
                                                                                                                                                                                                                                                                          MD5:2BCF45F7202C6A6CB96022BB69A30293
                                                                                                                                                                                                                                                                          SHA1:B39FE07055E2C7C44F5800C1D1C427CCFA158E67
                                                                                                                                                                                                                                                                          SHA-256:F58FCD23B784BCD52F8B6EC982E6385024458F87428E11607A1497D12FF4F562
                                                                                                                                                                                                                                                                          SHA-512:C3B9E452A0E870E10DC18373B930A84715607BF7D1EBA529771868825867BB86CA8E499873D013DA55CAB9629482C8F4AD78FBE8A2B15F7D5C0B7E32DB3CCE15
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7413
                                                                                                                                                                                                                                                                          Entropy (8bit):7.976453346545701
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:oV/nXw9vBJSKMtDaiAUjrdt9IjZ+5uhPOnX:o9nXw9vBGmA9bIk4ZOX
                                                                                                                                                                                                                                                                          MD5:F8D258C416A200CDBEE9796CA92349EC
                                                                                                                                                                                                                                                                          SHA1:8AC6F50E2EE598233A6712614986EC7548DBE309
                                                                                                                                                                                                                                                                          SHA-256:0C47CA13878279FE0EA6AF2688ABEB84FAB19CDEC2F5C87EC23DECE4B6CA81AE
                                                                                                                                                                                                                                                                          SHA-512:C6814877083C90FC086912E39385BC16279AAE2CC5A3E15CED74769590E34EC35D37837BB38499D5354B7E07BED9B3C0FD2BA11065F9F0A7FB479238CB38DF3D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):572
                                                                                                                                                                                                                                                                          Entropy (8bit):7.558614667533688
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:5xXyRBQNYQjvpcRWV+s6NniD6hJpte1lvkYQ/PG4y2Ln:vXkBeY2vpWWVDwiDtvfIvn
                                                                                                                                                                                                                                                                          MD5:0A054DF60D417F5FCBBF25FADB0E4AFE
                                                                                                                                                                                                                                                                          SHA1:A965157DCD73C2D6A5F833C9B2AC95BFEF2BE63A
                                                                                                                                                                                                                                                                          SHA-256:7E70B39519CCD50E544054FC436699D00B4595409BAB8FE2973DDD1D36B9F24E
                                                                                                                                                                                                                                                                          SHA-512:3308BB17E921C61DCD12E5B215901FA9CE70129B1A29FCB6D0AE4E31FE2002A9DEF29CA6D97703A0FB04DE8D90AB330356D84837C9169D92D45945DCC414E396
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):340
                                                                                                                                                                                                                                                                          Entropy (8bit):7.333553298086711
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:DulSVt/JaU+Tkbke90ml6Neqiyzs8fgPX7os4L+Uy6zMu/cikn1yNpvcE5Qun:KlY/kEj+ml6QvyAOgPXssien4xcE5n
                                                                                                                                                                                                                                                                          MD5:687BB9B1E8194ED49941D5F341B74ADA
                                                                                                                                                                                                                                                                          SHA1:8DAF1F3882D6F2DAFDD5FD3B9F209570E366C8EA
                                                                                                                                                                                                                                                                          SHA-256:3D5872A4FC8060B7F3186249360F8D6434F824C3B66B13CF5334251B7E7913ED
                                                                                                                                                                                                                                                                          SHA-512:9C8955369136F59EA8607F63AD9DF3F2E6090478F846779124C99AADCA1725E9DC1A494D273DDB1563A7034276413B4BED147F9AC9D94DE4179DCC9E31D53FB9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1539572
                                                                                                                                                                                                                                                                          Entropy (8bit):4.90411057802219
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:jbaHndUNyN2XLYuCN4MjWCN4Qj5qpwNmvH5Rw+YGvRNpn3DMSMd5i45eRpCvWIOL:iH+NWVw7DEDF4cts
                                                                                                                                                                                                                                                                          MD5:225ACA22F30759664D53A10EC7584E7F
                                                                                                                                                                                                                                                                          SHA1:1C0CA6C6CE19584BF680106F85DE61A473F1AAE9
                                                                                                                                                                                                                                                                          SHA-256:36AAA459FC1257CD61B866B4B484A23CCE20BD6327315A06E05F4DCA0348DE58
                                                                                                                                                                                                                                                                          SHA-512:EADFC779CE8CC21B0E42546BDFED9581F48C185092CA280832EA03DC49913410ECF346F2DCDEE69CEBE4DFCB07308E18ECFB02BB96FD79C5BE8E4619195967C5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="program" name="prg_ais">.. <selection-tree>.. <selection-tree name="ais_security" name_ids="23000" desc_ids="23001">.. <node name="ais_shl_fil" name_ids="20002" desc_ids="20003" />.. <node name="ais_shl_bhv" name_ids="20014" desc_ids="20015" />.. <node name="ais_cmp_avpap" name_ids="21062" desc_ids="21063" />.. <node name="ais_shl_rsw" name_ids="20022" desc_ids="20023" />.. <node name="ais_shl_web" name_ids="20008" desc_ids="20009" />.. <node name="ais_shl_mai" name_ids="20004" desc_ids="20005" />.. <node name="ais_shl_shp" name_ids="20016" desc_ids="20017" />.. <node name="ais_shl_exch" name_ids="20018" desc_ids="20019" />.. <node name="ais_cmp_rdp" name_ids="21064" desc_ids="21065" />.. <node name="ais_cmp_secdns" name_ids="21040" desc_ids=
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.64820412968221
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:GxaZ9QMb3KiVm+JmADIYiWoYrAM+o/8E9VF0NygP:GYZ9nbhJmhYiAAMxkE
                                                                                                                                                                                                                                                                          MD5:38F073F181FD2668EE160AE83B9D8BB9
                                                                                                                                                                                                                                                                          SHA1:1A77C8F984EFCD95CA0DC0EB2A14900671944B3C
                                                                                                                                                                                                                                                                          SHA-256:8B38E98F961512F8013142805706ADD8E1559B201AA471C35A04EBE71A530B0F
                                                                                                                                                                                                                                                                          SHA-512:CBCF332330CE71EDD3C3C84F50F77E282807E246513C6061584F33B7D3AF4AB87331F5E9227C9E7A3A0BE2435CAA242D4C7442400249C998354D610C340F14D9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):30252
                                                                                                                                                                                                                                                                          Entropy (8bit):5.13575811717365
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1d:Z9otwD4X63hwryPIBWrMYhOv+n8Z4D
                                                                                                                                                                                                                                                                          MD5:40166991E6A6F3904FC7FC1534D3A02E
                                                                                                                                                                                                                                                                          SHA1:8B54C8E1D2F629A2DFBA28199143A9FE3B3A0877
                                                                                                                                                                                                                                                                          SHA-256:F9EFA12E70BDDFD67D8267FE5474D319D8AF311FB459C626BF79C4B1B4BB003E
                                                                                                                                                                                                                                                                          SHA-512:532AF389AC35C9F0BA4696255C1379CF34743A0F56EC8935F328E866D74FE745D567E366D3AC1EDE183F19A40BFD3AC5DDFC1729639AC32272FB8D9F454E85E7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):30252
                                                                                                                                                                                                                                                                          Entropy (8bit):5.13575811717365
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1d:Z9otwD4X63hwryPIBWrMYhOv+n8Z4D
                                                                                                                                                                                                                                                                          MD5:40166991E6A6F3904FC7FC1534D3A02E
                                                                                                                                                                                                                                                                          SHA1:8B54C8E1D2F629A2DFBA28199143A9FE3B3A0877
                                                                                                                                                                                                                                                                          SHA-256:F9EFA12E70BDDFD67D8267FE5474D319D8AF311FB459C626BF79C4B1B4BB003E
                                                                                                                                                                                                                                                                          SHA-512:532AF389AC35C9F0BA4696255C1379CF34743A0F56EC8935F328E866D74FE745D567E366D3AC1EDE183F19A40BFD3AC5DDFC1729639AC32272FB8D9F454E85E7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2453
                                                                                                                                                                                                                                                                          Entropy (8bit):7.908696741315511
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:D31oBEs2XRm52nx5ivt4+qThjoZoGhjDh9yiHPkjOaNRoLQk38Cftn:Bo/ORmknx5Mt4+Go6G1V9f6OQ+QPMtn
                                                                                                                                                                                                                                                                          MD5:EE9CA03492C36A80F121CE875F37EE49
                                                                                                                                                                                                                                                                          SHA1:5FB09D00C2FFF875092C7578B382E86747C1353E
                                                                                                                                                                                                                                                                          SHA-256:88796CDDC56ADF9E49738EE870981EF8BB0711D576D431DE619D7F1D96EC4969
                                                                                                                                                                                                                                                                          SHA-512:4F714578DA12804A7C8E7C3416D9BD71315CB101A7E2649DD47FAA4BF5EF43699C957491C1751A630AF12D3D37665D28940CB4BC7571A21F2E5C315EF1FF037B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4159384
                                                                                                                                                                                                                                                                          Entropy (8bit):6.48297975888014
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:RNJsXdVwQll/DRKIymdz69dbrqNmWRPSur:RYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                          MD5:6F8CB4FDB8853E49C62D2FE15245434B
                                                                                                                                                                                                                                                                          SHA1:0C557F9D406503E0643410138AE6A704ABF1EC04
                                                                                                                                                                                                                                                                          SHA-256:EE0A970AE87CE482CA67C84E3E959049F26F30105DA63E74824B0F7F5F0E7BF5
                                                                                                                                                                                                                                                                          SHA-512:CF472F24BE1BBDC6F4ECF99AB9ED9F3ECC0CED9F4AA22872D05B8D373835E2F99001CBF91363371F66DB12DEEDEAD8F7C635FC4C3D33946E26651679617FF6B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):39810
                                                                                                                                                                                                                                                                          Entropy (8bit):4.746658403977665
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:KuvwPBDA2JOzk6xdyPBnElynDWpphobBsv2Wm0MzNzUvuFqzeuxd9XJBzXO:Pzkq5lTj6
                                                                                                                                                                                                                                                                          MD5:D8573C5F8E4662576AD0CDEAFF56A7FF
                                                                                                                                                                                                                                                                          SHA1:41FE03B91C9FAF6B5C4DD196CD1A852B691F1416
                                                                                                                                                                                                                                                                          SHA-256:B9A5159B0CC11112B83B43D8CF4E5184CE57E5ED322153D8264E32CF4ED28F68
                                                                                                                                                                                                                                                                          SHA-512:5729337268A6D6A3876309CC85A69D393457A83227DC30D77A14F29C55B110B789FED890CFF1451AA4DC9B15810724E8FBE52E9D4971CE93A7116B3BFBA7710E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="setup" name="setup_ais" />.. </part-list>.. </product>.. </product-defs>.. <part-defs>.. <part name="setup_ais" category="fixed" type="setup" versioning="xml/24.2">.. <group-list>.. <group name="instcont_ais" />.. <group name="instup_ais" />.. <group name="setgui_ais" />.. <group name="offertool_ais" />.. <group name="avbugreport_ais" />.. <group name="avdump_x86_ais" />.. <group name="sbr_x86_ais" />.... <group name="instcont_x64_ais" />.. <group name="instup_x64_ais" />.. <group name="setgui_x64_ais" />.. <group name="offertool_x64_ais" />.. <group name="avbugreport_x64_ais" />.. <group name="avdump_x64_ais" />.. <group name="sbr_x64_ais" />.... <group name="instcont_arm64_ais" />.. <group name="instup_arm64_ais" />.. <group name="setgui_arm64_ais" />..
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):15800
                                                                                                                                                                                                                                                                          Entropy (8bit):7.98838996987327
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:6WFhM1B75AbtWCalKC+h9KMoJY2hZdFkIkWTjmQdV+Af:3mfAbAYC+hcyE3Fkti1
                                                                                                                                                                                                                                                                          MD5:AAB0048FDF151FBACDFB0DBAB5228238
                                                                                                                                                                                                                                                                          SHA1:1A5F6A03D746D003F1062413D09191EB89C1E7AE
                                                                                                                                                                                                                                                                          SHA-256:E977AEE7ED23369DAEC697B4C4233368252FE7CE584630E24F279EC1180D0C59
                                                                                                                                                                                                                                                                          SHA-512:615EDD5CA960BF8B9710F033DE4D17B18D1919D6BC82CD324E3133816AF8B8D4AEC68050FFD5EEE306A9C74B131DA7E08A6DE82D64C88433AB3D461FB333E78E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):30104
                                                                                                                                                                                                                                                                          Entropy (8bit):6.81245023656339
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:G9FY0CyNuzvD+BLQnG1JVpgllhZgKR1svYx6ebkHQ7nIYiWrAAM+o/8E9VF0NyA4:UxCUKKBcns+DZgqsQsw7IYi7AMxkE9
                                                                                                                                                                                                                                                                          MD5:5B27033D9017E2F4C26F79036B4AB55E
                                                                                                                                                                                                                                                                          SHA1:29FF3896E9839082E46EB2F63DE213A0181BB201
                                                                                                                                                                                                                                                                          SHA-256:E56A6E77A4FDC4D62634A4F92A202A9D02E382C253C4BF11E5AD338D1DCB3BB1
                                                                                                                                                                                                                                                                          SHA-512:353492F13C791AFAB222D0054095BF2ACC25470FE598C17121DBE106B0D05189B72D1B09A48CA88271501DDCA52F1B3CC70E94679DC51B8316DCB7AE8C30B86C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16863
                                                                                                                                                                                                                                                                          Entropy (8bit):7.9882898526517145
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:lhOf4uYbglNtuqWRIk02FT+jn5I506abKP2uFhaDLVqnkgl9Ou1:Pm4uY0bUikPFSj5Mcbu0xqk09X
                                                                                                                                                                                                                                                                          MD5:E02EEFC39B04DB8951449C945CD93472
                                                                                                                                                                                                                                                                          SHA1:FF85556AFDDDFB6D71BEB2288FC76075465D21AA
                                                                                                                                                                                                                                                                          SHA-256:F1F64057B28940C6B0233049D0AB6A2C9A5B5FBD01528E1E0AFA00D1CA4248FD
                                                                                                                                                                                                                                                                          SHA-512:FD49E3B113EDA1078DC77261D7CDADD468008F05EEA5FA786730A99B98200E18FD6F9F28A0A72C6C4E5810CFD96766588490B0AC61C83BC773F122434055A19E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10881
                                                                                                                                                                                                                                                                          Entropy (8bit):7.985037092366453
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:bI4cpCo1QZHW1Fq0hOS0pnkfVolDa70NsmnpuaA4HdpJmls4idWCsypfsWGs9H:bI4cpNQZeFl+nmUDO0jrA4Hd89iduypT
                                                                                                                                                                                                                                                                          MD5:8DA67324E5F113F1A0BC65502EDB0EC4
                                                                                                                                                                                                                                                                          SHA1:8D3F0D73F8021E8F00663E2D75DD4A21C0ABDDE5
                                                                                                                                                                                                                                                                          SHA-256:409369A85776A924F7DB453FF98B41C7C7A0D14C2BDE4456285699C2A4A0AA95
                                                                                                                                                                                                                                                                          SHA-512:D9816D89BA20389E08427BA102C53F8A83D1FA62BAEF9A7A3EFA461F6F4E2E001BF7E6DBCDB143A532419C5CAA84B249EEEFC25FFA6BC75119C2D3B83044D901
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):55198
                                                                                                                                                                                                                                                                          Entropy (8bit):5.024970869316582
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:pvuCUuAU7soerqmZwyCW+TDgE9aW4EolvdpPIgZl94+dM03JYzOPz91ra77a97sq:pvuCUuAUQJ/lSh6Uou5TL5kv
                                                                                                                                                                                                                                                                          MD5:DA2287D5BA98386C3E1C897FC7F2F15A
                                                                                                                                                                                                                                                                          SHA1:FCB71BAE4603A983B3312598B2218650D9FC9684
                                                                                                                                                                                                                                                                          SHA-256:9FF0BADD06CFDCDE8320685072F0FDC990656202F997FF54016982774D295F01
                                                                                                                                                                                                                                                                          SHA-512:7D2F4B3C1DFF6BF21B65F94A12990349F24633B398705957AF0764EBAE21A346B31140F7CF530DA23E7330EBE5CC0E10491BD50A0504594FF8AC481CE7D220E0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<products>.. <product-defs>.. <product name="vps">.. <part-list>.. <part name="vps_windows" type="vps">.... <expand-symbol-alias>.. <src>%VPSPATH%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR32%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR64%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <condition>.. <or-list>.. <file-exists path="%SETUPPATH%\Vps64Reboot.txt" />.. <and-list>.. <or-list>.. <is-operation name="install" />.. <is-operation name="updateProgram" /
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Microstub.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9894328
                                                                                                                                                                                                                                                                          Entropy (8bit):7.910596699483975
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:196608:wPwGw/vlCneC7X84VJjGBaa4vYYlAeln/O0Q1plDyD7bvgs6gpHjK0H:GwGwl27X8+p2aa4wYlAyObyfDK
                                                                                                                                                                                                                                                                          MD5:3EE70E7C9C9C36265A818BA9771BBD4C
                                                                                                                                                                                                                                                                          SHA1:AB5FFE0FF1A04741E90583B78B99925D5ECBC58D
                                                                                                                                                                                                                                                                          SHA-256:C509A9B3F9DD6E3961FD5FF70CE462E440BF8AD6A8F99D8BE4020A1C4C774364
                                                                                                                                                                                                                                                                          SHA-512:F787800DF1AC5DBAED83D638A63CD3652C59115AEB9912D08FB24C1374D84F20513DB07F02B82762EA5EC8645A15A2236E42DE6F6CEE68345245F99025100260
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Entropy (8bit):6.389832495797103
                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                          File name:Microstub.exe
                                                                                                                                                                                                                                                                          File size:263'576 bytes
                                                                                                                                                                                                                                                                          MD5:02bd5dd672a21a001e4b82e2a6031d30
                                                                                                                                                                                                                                                                          SHA1:777476e4e9bab85545e977279572b38d83869261
                                                                                                                                                                                                                                                                          SHA256:c230c739f9107e8fd871f2158e2299e010679aed34fb419cd8c9acc8cc4a9a24
                                                                                                                                                                                                                                                                          SHA512:df3cdfae583c8f1a5d7e7ea002b25f2de43490454fc02aff93232276c50d2af73ca3842ac0744ab8b7c30d0f8d1f57c69c97bddef6c520522d4adefa2e902e0a
                                                                                                                                                                                                                                                                          SSDEEP:3072:z2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhh0rn+x:z0KgGwHqwOOELha+sm2D2+Uhngu0AS
                                                                                                                                                                                                                                                                          TLSH:BA4426116D908062E1B61A30E5BCBA715A6D7FF00B7088DF53B07E2E3F751D2A635B62
                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......v jU2A..2A..2A......9A......LA......*A..`).. A..`)..'A...(..0A..`)...A..;9..3A..;9..?A..2A...A..;9..3A...(..?A...(..3A..2A..0A.
                                                                                                                                                                                                                                                                          Icon Hash:8e133369490d074c
                                                                                                                                                                                                                                                                          Entrypoint:0x401020
                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                          Time Stamp:0x64366D75 [Wed Apr 12 08:36:05 2023 UTC]
                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                                                                          OS Version Minor:1
                                                                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                                                                                                                          Import Hash:79b68a12e4eb6aa0c59dd1289006924f
                                                                                                                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                                                                                                                          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                          Error Number:0
Not Before:16/09/2022 01:00:00
Not After:18/09/2025 00:59:59
                                                                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                                                                          • CN=Avast Software s.r.o., O=Avast Software s.r.o., L=Praha, C=CZ
                                                                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                                                                          Thumbprint MD5:F65D3D51A1CE5FCAF5F4A6104C638258
                                                                                                                                                                                                                                                                          Thumbprint SHA-1:50ED9B8496344F0895FC6C5500865B15B678D105
                                                                                                                                                                                                                                                                          Thumbprint SHA-256:AD4D810955F27494D8B9CC8E4456D0A9A8976D5E7E70858FC7486C463D233EB7
                                                                                                                                                                                                                                                                          Serial:0902B36B3251C328083F777CA08428FF
                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                          push 00000001h
                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                          call dword ptr [004230F4h]
                                                                                                                                                                                                                                                                          push 0042359Ch
                                                                                                                                                                                                                                                                          call dword ptr [00423104h]
                                                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                                                          je 00007F139D6B13C7h
                                                                                                                                                                                                                                                                          push 004235B8h
                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                          call dword ptr [00423248h]
                                                                                                                                                                                                                                                                          mov esi, eax
                                                                                                                                                                                                                                                                          test esi, esi
                                                                                                                                                                                                                                                                          je 00007F139D6B13B5h
                                                                                                                                                                                                                                                                          push 00000800h
                                                                                                                                                                                                                                                                          mov ecx, esi
                                                                                                                                                                                                                                                                          call dword ptr [004232ECh]
                                                                                                                                                                                                                                                                          call esi
                                                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                                                          jne 00007F139D6B13E1h
                                                                                                                                                                                                                                                                          push 004235D4h
                                                                                                                                                                                                                                                                          call dword ptr [0042310Ch]
                                                                                                                                                                                                                                                                          push 004235D8h
                                                                                                                                                                                                                                                                          call dword ptr [00423104h]
                                                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                                                          je 00007F139D6B13C7h
                                                                                                                                                                                                                                                                          push 004235ECh
                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                          call dword ptr [00423248h]
                                                                                                                                                                                                                                                                          mov esi, eax
                                                                                                                                                                                                                                                                          test esi, esi
                                                                                                                                                                                                                                                                          je 00007F139D6B13B5h
                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                          push 00401100h
                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                          mov ecx, esi
                                                                                                                                                                                                                                                                          call dword ptr [004232ECh]
                                                                                                                                                                                                                                                                          call esi
                                                                                                                                                                                                                                                                          push 0000000Ah
                                                                                                                                                                                                                                                                          call dword ptr [004230FCh]
                                                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                                                          jne 00007F139D6B13BAh
                                                                                                                                                                                                                                                                          push 00002777h
                                                                                                                                                                                                                                                                          call 00007F139D6B3E5Dh
                                                                                                                                                                                                                                                                          add esp, 04h
                                                                                                                                                                                                                                                                          push C000001Dh
                                                                                                                                                                                                                                                                          call dword ptr [004230F8h]
                                                                                                                                                                                                                                                                          call 00007F139D6B82BAh
                                                                                                                                                                                                                                                                          cmp eax, 05010300h
                                                                                                                                                                                                                                                                          jnc 00007F139D6B13BAh
                                                                                                                                                                                                                                                                          push 00002778h
                                                                                                                                                                                                                                                                          call 00007F139D6B3E39h
                                                                                                                                                                                                                                                                          add esp, 04h
                                                                                                                                                                                                                                                                          push 0000047Eh
                                                                                                                                                                                                                                                                          call dword ptr [000030F8h]
                                                                                                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                          • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                          • [C++] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bfd4 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x31000 | 0xf348 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3dc48 | 0x2950 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x41000 | 0x1cb8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2a570 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2a5e0 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24d60 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x2ec | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bd54 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x216ca | 0x21800 | f3aa9bfe0e0173b2d8dbf69e0f7b5c30 | False | 0.5465980643656716 | data | 6.552507871447298 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x23000 | 0xa060 | 0xa200 | f1313dbc7d48a2854099a510bfc2275f | False | 0.4890528549382716 | data | 5.400803596600892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2e000 | 0x15c0 | 0xa00 | e676ce13014a1fea1d94c6052cb98545 | False | 0.20546875 | data | 2.7943028087818473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x30000 | 0x4c | 0x200 | f2ff10bf470db291929511a1884e701b | False | 0.111328125 | data | 0.6949183674939895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x31000 | 0xf348 | 0xf400 | 535c79c29ec674fa70ff314de4bc4913 | False | 0.3526191086065574 | data | 4.956889230471455 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x41000 | 0x1cb8 | 0x1e00 | b242d5c80ab78d037235c071e32e80d5 | False | 0.7776041666666667 | data | 6.568397975609428 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x31740 | 0x5d9 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.9926519706078825
PNG | 0x31d20 | 0x6e2 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.8671963677639046
RT_ICON | 0x32408 | 0x2140 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9937734962406015
RT_ICON | 0x34548 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.12659423712801135
RT_ICON | 0x38770 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.19387966804979254
RT_ICON | 0x3ad18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2319418386491557
RT_ICON | 0x3bdc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.41400709219858156
RT_STRING | 0x3c228 | 0x74 | Matlab v4 mat-file (little endian) v, numeric, rows 0, columns 0 | English | United States | 0.5086206896551724
RT_STRING | 0x3c2a0 | 0x160 | data | English | United States | 0.4914772727272727
RT_STRING | 0x3c400 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3c448 | 0x2b6 | data | English | United States | 0.18011527377521613
RT_STRING | 0x3c700 | 0x4a | data | English | United States | 0.6486486486486487
RT_STRING | 0x3c750 | 0x50 | data | French | France | 0.65
RT_STRING | 0x3c7a0 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487
RT_STRING | 0x3c7f0 | 0x4a | data | Russian | Russia | 0.6486486486486487
RT_STRING | 0x3c840 | 0x4a | data |  |  | 0.6486486486486487
RT_STRING | 0x3c890 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3c8d8 | 0x48 | data | French | France | 0.6388888888888888
RT_STRING | 0x3c920 | 0x48 | data | Portuguese | Brazil | 0.6388888888888888
RT_STRING | 0x3c968 | 0x48 | data | Russian | Russia | 0.6388888888888888
RT_STRING | 0x3c9b0 | 0x48 | data |  |  | 0.6388888888888888
RT_STRING | 0x3c9f8 | 0x82 | data | English | United States | 0.6230769230769231
RT_STRING | 0x3ca80 | 0x64 | data | French | France | 0.61
RT_STRING | 0x3cae8 | 0x5e | data | Portuguese | Brazil | 0.5851063829787234
RT_STRING | 0x3cb48 | 0x5e | data | Russian | Russia | 0.5851063829787234
RT_STRING | 0x3cba8 | 0x5e | data |  |  | 0.5851063829787234
                                                                                                                                                                                                                                                                          RT_STRING0x3cc080xa4dataEnglishUnited States0.4817073170731707
                                                                                                                                                                                                                                                                          RT_STRING0x3ccb00x5cdataFrenchFrance0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3cd100x5cdataPortugueseBrazil0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3cd700x5cdataRussianRussia0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3cdd00x5cdata0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3ce300xc0dataEnglishUnited States0.5833333333333334
                                                                                                                                                                                                                                                                          RT_STRING0x3cef00x50dataFrenchFrance0.6625
                                                                                                                                                                                                                                                                          RT_STRING0x3cf400x4adataPortugueseBrazil0.6486486486486487
                                                                                                                                                                                                                                                                          RT_STRING0x3cf900x4adataRussianRussia0.6486486486486487
                                                                                                                                                                                                                                                                          RT_STRING0x3cfe00x4adata0.6486486486486487
                                                                                                                                                                                                                                                                          RT_STRING0x3d0300x160dataEnglishUnited States0.32670454545454547
                                                                                                                                                                                                                                                                          RT_STRING0x3d1900x5cdataFrenchFrance0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3d1f00x5cdataPortugueseBrazil0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3d2500x5cdataRussianRussia0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3d2b00x5cdata0.5543478260869565
                                                                                                                                                                                                                                                                          RT_STRING0x3d3100x756dataEnglishUnited States0.3141640042598509
                                                                                                                                                                                                                                                                          RT_STRING0x3da680x930dataFrenchFrance0.31079931972789115
                                                                                                                                                                                                                                                                          RT_STRING0x3e3980x7eadataPortugueseBrazil0.31638696939782823
                                                                                                                                                                                                                                                                          RT_STRING0x3eb880x7ecdataRussianRussia0.34911242603550297
                                                                                                                                                                                                                                                                          RT_STRING0x3f3780x84edata0.3156161806208843
                                                                                                                                                                                                                                                                          RT_GROUP_ICON0x3fbc80x4cdataEnglishUnited States0.7894736842105263
                                                                                                                                                                                                                                                                          RT_VERSION0x3fc180x2f8dataEnglishUnited States0.4723684210526316
                                                                                                                                                                                                                                                                          RT_MANIFEST0x3ff100x437XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1019), with CRLF line terminatorsEnglishUnited States0.5041705282669138
DLL | Import
KERNEL32.dll | SetLastError, Sleep, GetFileSizeEx, WriteFile, SetEndOfFile, SetFilePointerEx, LocalFree, CloseHandle, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, EnumResourceNamesW, GetWindowsDirectoryW, CreateDirectoryW, CreateFileW, CreateThread, GetSystemTimeAsFileTime, GetNativeSystemInfo, lstrcatA, lstrlenA, GetVersionExA, GetCurrentProcess, GetExitCodeProcess, ResumeThread, ReleaseMutex, WaitForSingleObject, CreateMutexW, CreateProcessW, GetPrivateProfileIntW, GetPrivateProfileStringW, GetDiskFreeSpaceExW, CopyFileW, MoveFileExW, CreateHardLinkW, HeapAlloc, GetProcessHeap, HeapSetInformation, ExitProcess, IsProcessorFeaturePresent, lstrcpyW, GetModuleHandleW, GetSystemDirectoryW, SetDllDirectoryW, InterlockedExchange, LockResource, WriteConsoleW, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetStdHandle, LCMapStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileW, FindFirstFileExW, GetLastError, HeapFree, InterlockedExchangeAdd, GetVersionExW, FindResourceW, LoadLibraryW, SizeofResource, LoadResource, GlobalFree, GlobalUnlock, GlobalLock, FindClose, GetFileType, GetStringTypeW, GlobalAlloc, FreeLibrary, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, LoadLibraryA, DecodePointer, GetVersion, HeapDestroy, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, DeviceIoControl, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, MultiByteToWideChar, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, TerminateProcess, OutputDebugStringW, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetCommandLineA, GetCommandLineW, GetStdHandle, GetModuleFileNameW, GetModuleHandleExW, GetACP, GetProcAddress
USER32.dll | GetMessageW, TranslateMessage, DispatchMessageW, SendMessageW, AllowSetForegroundWindow, PostMessageW, wsprintfA, LoadStringW, MessageBoxExW, wsprintfW, SystemParametersInfoW, IsDialogMessageW, LoadImageW, DestroyIcon, FindWindowW, FillRect, GetWindowRect, InvalidateRect, EndPaint, BeginPaint, ReleaseDC, GetDC, SetForegroundWindow, GetSystemMetrics, KillTimer, SetTimer, SetFocus, SetWindowPos, DestroyWindow, CreateWindowExW, RegisterClassExW, PostQuitMessage, DefWindowProcW
GDI32.dll | GetTextExtentPoint32W, GetObjectW, CreateDIBSection, SelectObject, CreateFontIndirectW, DeleteObject, CreateSolidBrush, CreatePatternBrush
ADVAPI32.dll | CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGenRandom, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextA, GetSidSubAuthorityCount, GetSidSubAuthority, IsValidSid, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorA
ole32.dll | CoCreateInstance, CreateStreamOnHGlobal, CoUninitialize, CoInitializeEx
COMCTL32.dll |
Language of compilation system | Country where language is spoken
English | United States
French | France
Portuguese | Brazil
Russian | Russia
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:03.139203072 CET4434973634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.510027885 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.510057926 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.510148048 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.512904882 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.512928963 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.709189892 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.709275007 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.724241972 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.724261045 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.725295067 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.773865938 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.901220083 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.901428938 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.901586056 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.128652096 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.128699064 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.128741026 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.128757000 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.128916025 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.129023075 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.129030943 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.129082918 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.134447098 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.134510994 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.134641886 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.134711027 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.140697956 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.140816927 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.146822929 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.146948099 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.146953106 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.146982908 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.147296906 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.153759956 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.154000998 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.219367981 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.219474077 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.219502926 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.219513893 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.219578028 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.222249031 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.222356081 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.228429079 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.228513002 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.228534937 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.228610992 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.234632015 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.234718084 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.234721899 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.234745979 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.234803915 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.241106033 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.241169930 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.246912956 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.246988058 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.247024059 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.247143984 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.253283024 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.253504038 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.253504038 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.253504038 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.253552914 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.253588915 CET49741443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:06.253603935 CET4434974134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.066931963 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.066981077 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.067053080 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.068639994 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.068664074 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.259696007 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.259783983 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.260947943 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.260963917 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.261298895 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.305116892 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.346216917 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.346393108 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.346420050 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.481751919 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.482413054 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.482440948 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.487505913 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.488480091 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:33:57.939440966 CET6530553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:33:57.939847946 CET5026953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:33:58.028225899 CET53502691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:02.378429890 CET6519153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:02.467073917 CET53651911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.173093081 CET5939153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.261379004 CET53593911.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.262809992 CET5898953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.352550030 CET53589891.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.412218094 CET4980053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:05.501044989 CET53498001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.505692005 CET4980153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.507838964 CET6337553192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.510204077 CET4980153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.511447906 CET6234853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.512098074 CET4980153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.513242960 CET5753653192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.513897896 CET4980153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.515027046 CET6494253192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.515594006 CET4980153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.516747952 CET5693453192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.517381907 CET4980153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.518502951 CET5339953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.629944086 CET5341153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.632004976 CET6261353192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.632723093 CET5341153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.634670973 CET5942253192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.635328054 CET5341153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.636917114 CET6413653192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.638067961 CET5341153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.639532089 CET5492653192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.640178919 CET5341153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.641848087 CET6207853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.642509937 CET5341153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:08.643913984 CET5937353192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.972100973 CET5955853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.980169058 CET5779553192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.980739117 CET5955853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.983020067 CET6259153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.983793974 CET5955853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.986044884 CET5546753192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.986044884 CET5955853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.987751007 CET5851053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.989692926 CET5955853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.989692926 CET5932053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:19.990948915 CET5955853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.003218889 CET5887853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.182177067 CET5889053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.184112072 CET6280753192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.184854984 CET5889053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.186773062 CET5374853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.187683105 CET5889053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.189062119 CET5564253192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.190351009 CET5889053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.191984892 CET5343953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.192643881 CET5889053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.194219112 CET5539953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.194823980 CET5889053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.196518898 CET5659553192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.877429008 CET5660853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.879163027 CET5228453192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.880028009 CET5660853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.881634951 CET6236353192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.882525921 CET5660853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.884365082 CET5473753192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.884885073 CET5660853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.886811018 CET4965653192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.887063980 CET5660853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.888411045 CET5927053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.889205933 CET5660853192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:20.890326023 CET6496753192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.062388897 CET6497953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.064557076 CET6478153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.065464020 CET6497953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.068346024 CET5828553192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.069291115 CET6497953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.072321892 CET4953153192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.073092937 CET6497953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.075752974 CET4984753192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.076725960 CET6497953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.078623056 CET6119253192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.079807043 CET6497953192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.081315041 CET5315553192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.912014961 CET6182953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.000612974 CET53618291.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.775842905 CET6183053192.168.2.48.8.8.8
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.777146101 CET5740953192.168.2.48.8.8.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.170361042 CET8.8.8.8192.168.2.40x654No error (0)r3802239.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.171535015 CET8.8.8.8192.168.2.40xf11bNo error (0)d3176133.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.172040939 CET8.8.8.8192.168.2.40x234eNo error (0)r3802239.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.174153090 CET8.8.8.8192.168.2.40xcef6No error (0)p1043812.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.175335884 CET8.8.8.8192.168.2.40x4e1eNo error (0)p1043812.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.178034067 CET8.8.8.8192.168.2.40xa047No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.178594112 CET8.8.8.8192.168.2.40xc7f3No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.182063103 CET8.8.8.8192.168.2.40x706No error (0)d3176133.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:21.234324932 CET8.8.8.8192.168.2.40x81feNo error (0)b8003600.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:22.000612974 CET1.1.1.1192.168.2.40x6442No error (0)shepherd.ff.avast.comshepherd-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.864804983 CET8.8.8.8192.168.2.40xc411No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.864804983 CET8.8.8.8192.168.2.40xc411No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.864804983 CET8.8.8.8192.168.2.40xc411No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.866379023 CET8.8.8.8192.168.2.40x2ec0No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.866379023 CET8.8.8.8192.168.2.40x2ec0No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.866379023 CET8.8.8.8192.168.2.40x2ec0No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.961893082 CET8.8.8.8192.168.2.40xe278No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.961893082 CET8.8.8.8192.168.2.40xe278No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.964586020 CET8.8.8.8192.168.2.40xe879No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:24.964586020 CET8.8.8.8192.168.2.40xe879No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:25.450227022 CET1.1.1.1192.168.2.40x82a9No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:25.450227022 CET1.1.1.1192.168.2.40x82a9No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Mar 13, 2024 21:34:25.450227022 CET1.1.1.1192.168.2.40x82a9No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          • v7event.stats.avast.com
                                                                                                                                                                                                                                                                          • analytics.avcdn.net
                                                                                                                                                                                                                                                                          • shepherd.ff.avast.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 34.117.223.223 | 80 | 6364 | C:\Users\user\Desktop\Microstub.exe
Timestamp | Bytes transferred | Direction | Data
Mar 13, 2024 21:33:58.183053970 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Content-Type: iavs4/stats
                                                                                                                                                                                                                                                                          User-Agent: Avast Microstub/2.1
                                                                                                                                                                                                                                                                          Content-Length: 246
                                                                                                                                                                                                                                                                          Host: v7event.stats.avast.com
Mar 13, 2024 21:33:58.183089018 CET | 246 | OUT
                                                                                                                                                                                                                                                                          Data Ascii: cookie=edition=1event=microstub-startmidex=3F5C7CD44D1F6AC769934CADA267B4DFA03B616F52089608A209EA601E200C2Dstat_session=807de025-af78-4e87-bb15-77a88d9b68b0statsSendTime=1710362036os=win,10,0,2,19045,0,AMD64exe_version=2.1.99.0SfxVersi
Mar 13, 2024 21:33:58.341253996 CET | 96 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Wed, 13 Mar 2024 20:33:58 GMT
                                                                                                                                                                                                                                                                          Via: 1.1 google
Mar 13, 2024 21:33:59.854545116 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Content-Type: iavs4/stats
                                                                                                                                                                                                                                                                          User-Agent: Avast Microstub/2.1
                                                                                                                                                                                                                                                                          Content-Length: 260
                                                                                                                                                                                                                                                                          Host: v7event.stats.avast.com
Mar 13, 2024 21:33:59.854589939 CET | 260 | OUT
                                                                                                                                                                                                                                                                          Data Ascii: cookie=edition=1event=microstub-downloadmidex=3F5C7CD44D1F6AC769934CADA267B4DFA03B616F52089608A209EA601E200C2Dstat_session=807de025-af78-4e87-bb15-77a88d9b68b0statsSendTime=1710362068os=win,10,0,2,19045,0,AMD64exe_version=2.1.99.0SfxVe
Mar 13, 2024 21:34:00.014339924 CET | 96 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Wed, 13 Mar 2024 20:33:59 GMT
                                                                                                                                                                                                                                                                          Via: 1.1 google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 34.117.223.223 | 443 | 6608 | C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:34:02 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Content-Type: iavs4/stats
                                                                                                                                                                                                                                                                          Content-MD5: clbYLB68v6qvrnw8NNa+jA==
                                                                                                                                                                                                                                                                          User-Agent: Avast SimpleHttp/3.0
                                                                                                                                                                                                                                                                          Content-Length: 361
                                                                                                                                                                                                                                                                          Host: v7event.stats.avast.com
2024-03-13 20:34:02 UTC | 361 | OUT
                                                                                                                                                                                                                                                                          Data Ascii: SfxCreated=1710362036SfxName=avast_free_antivirus_setup_online_x64.exeSfxSize=9894328SfxVersion=24.2.8904.0edition=1event=stubguid=59c59de9-e08a-4de2-9992-1a898d661dbemidex=3f5c7cd44d1f6ac769934cada267b4dfa03b616f52089608a209ea601e200c2dos=win,10,
2024-03-13 20:34:03 UTC | 172 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Wed, 13 Mar 2024 20:34:03 GMT
                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 34.117.223.223 | 443 | 6608 | C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:34:02 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                                          User-Agent: Avast SimpleHttp/3.0
                                                                                                                                                                                                                                                                          Content-Length: 581
                                                                                                                                                                                                                                                                          Host: analytics.avcdn.net
2024-03-13 20:34:02 UTC | 581 | OUT
                                                                                                                                                                                                                                                                          Data Ascii: {"record":[{"event":{"subtype":1,"time":1710367167016,"type":70},"identity":{"guid":"59c59de9-e08a-4de2-9992-1a898d661dbe","hwid":"3F5C7CD44D1F6AC769934CADA267B4DFA03B616F52089608A209EA601E200C2D"},"installation":{"aiid":""},"instup":{"session_id":"807de0
                                                                                                                                                                                                                                                                          2024-03-13 20:34:03 UTC216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Wed, 13 Mar 2024 20:34:02 GMT
                                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                                          Content-Length: 19
                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          2024-03-13 20:34:03 UTC19INData Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
                                                                                                                                                                                                                                                                          Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 34.160.176.28 | 443 | 4008 | C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:34:05 UTC | 171 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 243
2024-03-13 20:34:05 UTC | 243 | OUT | Data Ascii: data=CAAQ%2F%2F%2F%2F%2Fw8Y%2F%2F%2F%2F%2Fw8g%2F%2F%2F%2F%2Fw8qAGICCgCIAQDKAyQ1OWM1OWRlOS1lMDhhLTRkZTItOTk5Mi0xYTg5OGQ2NjFkYmXyAwQ4MTkxgglAM0Y1QzdDRDQ0RDFGNkFDNzY5OTM0Q0FEQTI2N0I0REZBMDNCNjE2RjUyMDg5NjA4QTIwOUVBNjAxRTIwMEMyRNoTBmlhdnM5eA%3D%3D
2024-03-13 20:34:06 UTC | 1615 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Mar 2024 20:34:06 GMT
Content-Type: text/plain
Content-Length: 29421
AB-Tests: 62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,oa-7466-v0:b,oa-7675:a,oa-7794-fake:b
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 5
Config-Name: Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_release-20-percent-userbase_version-18.6-and-higher_production_quic-sni-block-release_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_versions-older-than-23.1_opening-browser-onboarding_old-smartscan_usa_ipm_6513_open_ui_b_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-a547bb4fa92a6a7ac70d90e6800fdce3c79b1800664cea838d88ef2e683a52f3
Config-Version: 4916
Segments: websocket testing,ipm_6363_chrome_offer_setup_free,free,production new installs,release 20 percent userbase,version 18.6 and higher,production,quic sni block release,v2017,hns pre-scan enabled countries,noomnianda1,phone support tile,avast 18 r7 and 18 r8,fs and idp integration,cef settings off,versions older than 23.1,opening browser onboarding,old smartscan,usa,ipm_6513_open_ui_b,test akamai,test pam no master password,v18.5 and higher,cleanup premium installation,release - iavs9x only,version 19.1 and older
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-03-13 20:34:06 UTC | 1615 | IN | Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
2024-03-13 20:34:06 UTC | 1615 | IN | Data Ascii:
=1
GameRule_EnableAutoDetections_Enabled=1
GameRule_KeepGameInForeground_Enabled=0
GameRule_MaximumPerformance_Enabled=1
GameRule_MeasurePerformance_Enabled=0
GameRule_NoAvastInterruptions_Enabled=1
GameRule_PauseAllUpdateTasks_Enabled=1
GameRule_P
2024-03-13 20:34:06 UTC | 1615 | IN | Data Ascii: 9,"type":"tcp_connect"},{"port":443,"type":"https"},{"port":445,"type":"tcp_connect"},{"port":554,"type":"tcp_connect"},{"port":3389,"type":"rdp"},{"port":4567,"type":"http"},{"port":7547,"type":"http"},{"port":8080,"type":"http"},{"port":8443,"type":"htt
2024-03-13 20:34:06 UTC | 1615 | IN | Data Ascii: p_dws,p_dosd,p_doy,p_dusd,p_duy,p_duacage,p_dusn,p_lce,p_eguid,p_info1,p_info2,p_info3,p_fslst,p_bffaos,p_bffpam,p_bffsp,p_fib,p_jka,p_gfs,p_jat,p_gac,p_gaid,p_gatr,p_hcm,p_hss,p_hsy,p_hdns,p_his,p_sln,p_icar,p_bieaos,p_biepam,p_biesp,p_idu,p_apcgs,p_ipi,


                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                          3192.168.2.44976134.160.176.284432088C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                          2024-03-13 20:34:22 UTC171OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 195
2024-03-13 20:34:22 UTC | 195 | OUT | Data Ascii: data=CAAQGBgCINgvKgBiAgoAiAEAygMkNTljNTlkZTktZTA4YS00ZGUyLTk5OTItMWE4OThkNjYxZGJl8gMEODE5MYIJQDNGNUM3Q0Q0NEQxRjZBQzc2OTkzNENBREEyNjdCNERGQTAzQjYxNkY1MjA4OTYwOEEyMDlFQTYwMUUyMDBDMkTaEwZpYXZzOXg%3D
2024-03-13 20:34:22 UTC | 3321 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Mar 2024 20:34:22 GMT
Content-Type: text/plain
Content-Length: 32860
AB-Tests: 19fa92d7-cec3-489b-9f86-f88a9780902e:A,62f9bfb9-c30a-4afc-a4eb-65aa885980c6:B,f269135a-abf6-41df-a90a-13b411c26efa:A,oa-7466-v0:b,oa-7675:a,oa-7794-fake:b
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 5
Config-Name: Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_release-20-percent-userbase_webshield-tls-processes---stage-1_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_hide-att-url-params_webshield.quic.block---fraction-test-setup_quic-sni-block-release_quic-on_versions--22.1-and-higher_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_noomnianda1_smartscanfreetrail_smartscan-free---antivirus---win10---ab-test_aosstorelink_enableddwm_enablehns3_performator_phone-support-tile_avast-forrelease-24.2_version-20.1-plus_fs-and-idp-integration_cef-72.3_v19.1-and-higher-off_opening-browser-onboarding_smartscan-free---antivirus---win10_opm_burger_tracking_limitation_usa_av-24.2-and-higher_multidetection_ipm_6515_6516_vps_sites_test_a_ipm_5258_campaign_toaster_reach_test_a_ipm_6513_open_ui_b_a1-migration-button_test-akamai_test-pam-no-master-password_v18.5-and-higher_installation-telemetry_cleanup-premium-installation_release---iavs9x-only_newuninstallsurvey-82a23f3944602e8a94deb3f8ef10ecf549e460faf7a1ad4683d70d7f35f832fa
Config-Version: 4916
Segments: websocket testing,email signatures,ipm_6363_chrome_offer_setup_free,asb and chrome since 21.2,version 23.2 and higher not in fr de,free,production new installs,disabled aos sideloading,web purchase - autoactivation,release 20 percent userbase,webshield tls processes - stage 1,v19.1 and higher free,ipm_4932_opm_pus_fullscale,version 18.6 and higher,production,hide att url params,webshield.quic.block - fraction test setup,quic sni block release,quic on,versions 22.1 and higher,previous version,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,v2017,globalflags - streamproduction ,devicewatcheron,hns pre-scan enabled countries,version 20.9 and higher,pups in avast rollout,winre bts,noomnianda1,smartscanfreetrail,smartscan free - antivirus - win10 - ab test,aosstorelink,enableddwm,enablehns3,performator,phone support tile,avast forrelease 24.2,version 20.1 plus,fs and idp integration,cef 72.3,v19.1 and higher off,opening browser onboarding,smartscan free - antivirus - win10,opm_burger_tracking_limitation,usa,av 24.2 and higher,multidetection,ipm_6515_6516_vps_sites_test_a,ipm_5258_campaign_toaster_reach_test_a,ipm_6513_open_ui_b,a1 migration button,test akamai,test pam no master password,v18.5 and higher,installation telemetry,cleanup premium installation,release - iavs9x only,newuninstallsurvey
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-03-13 20:34:22 UTC | 3321 | IN | Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
2024-03-13 20:34:22 UTC | 1252 | IN | Data Ascii:
ard
FFASP=886A6486-37B3-4BCD-891B-FD0E325E7b1A
FFAST=avg@security
FFPAM=jid1-r1tDuNiNb4SEww@jetpack
FFSP=sp@avast.com
FFSP2=safeprice@avast.com
FFWTU=avg@toolbar
FFWTU3=avg@wtu3
GCAOS=gomekmidlodglbbmalcneegieacbdmki
GCASG=ndibdjnfmopecpmkdieinmb
2024-03-13 20:34:22 UTC | 1252 | IN | Data Ascii:
=1
GameRule_PauseSystemBackgroundTasks_Enabled=1
GameRule_PauseWindowsUpdate_Enabled=1
GameRule_SetCpuLimit_Enabled=0
GameRule_SetHighPerformanceMode_Enabled=1
GameRule_SetHighPriority_Enabled=1
GameRule_SetProcessAffinity_Enabled=0
GameRule_Suspen
2024-03-13 20:34:22 UTC | 1252 | IN | Data Ascii: telnet"},{"port":80,"type":"http"},{"port":135,"type":"tcp_connect"},{"port":139,"type":"tcp_connect"},{"port":443,"type":"https"},{"port":445,"type":"tcp_connect"},{"port":554,"type":"tcp_connect"},{"port":3389,"type":"rdp"},{"port":4567,"type":"http"},{


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49762 | 34.117.223.223 | 443 | 2088 | C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:34:25 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 471
Host: analytics.avcdn.net
2024-03-13 20:34:25 UTC | 471 | OUT | Data Ascii: {"record":[{"event":{"subtype":2,"time":1710367249849,"type":70},"identity":{"guid":"59c59de9-e08a-4de2-9992-1a898d661dbe","hwid":"3F5C7CD44D1F6AC769934CADA267B4DFA03B616F52089608A209EA601E200C2D"},"installation":{"aiid":""},"instup":{"session_id":"807de0
2024-03-13 20:34:25 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Mar 2024 20:34:25 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-03-13 20:34:25 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49763 | 34.117.223.223 | 443 | 2088 | C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:34:25 UTC | 202 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Host: v7event.stats.avast.com
User-Agent: avast! Antivirus
Accept: */*
Content-MD5: QAEnxqx5aFYxVflwZQ75Bg==
Content-Type: iavs4/stats
Content-Length: 297
                                                                                                                                                                                                                                                                          2024-03-13 20:34:25 UTC297OUTData Raw: 49 6e 73 74 75 70 56 65 72 73 69 6f 6e 3d 32 34 2e 32 2e 38 39 30 34 2e 30 0a 65 64 69 74 69 6f 6e 3d 31 0a 65 76 65 6e 74 3d 69 6e 73 74 61 6c 6c 5f 69 6e 74 72 6f 0a 67 75 69 64 3d 35 39 63 35 39 64 65 39 2d 65 30 38 61 2d 34 64 65 32 2d 39 39 39 32 2d 31 61 38 39 38 64 36 36 31 64 62 65 0a 6d 69 64 65 78 3d 33 66 35 63 37 63 64 34 34 64 31 66 36 61 63 37 36 39 39 33 34 63 61 64 61 32 36 37 62 34 64 66 61 30 33 62 36 31 36 66 35 32 30 38 39 36 30 38 61 32 30 39 65 61 36 30 31 65 32 30 30 63 32 64 0a 6f 70 65 72 61 74 69 6f 6e 3d 32 0a 6f 73 3d 77 69 6e 2c 31 30 2c 30 2c 32 2c 31 39 30 34 35 2c 30 2c 41 4d 44 36 34 0a 73 74 61 74 5f 73 65 73 73 69 6f 6e 3d 38 30 37 64 65 30 32 35 2d 61 66 37 38 2d 34 65 38 37 2d 62 62 31 35 2d 37 37 61 38 38 64 39 62 36
                                                                                                                                                                                                                                                                          Data Ascii: InstupVersion=24.2.8904.0edition=1event=install_introguid=59c59de9-e08a-4de2-9992-1a898d661dbemidex=3f5c7cd44d1f6ac769934cada267b4dfa03b616f52089608a209ea601e200c2doperation=2os=win,10,0,2,19045,0,AMD64stat_session=807de025-af78-4e87-bb15-77a88d9b6
                                                                                                                                                                                                                                                                          2024-03-13 20:34:26 UTC172INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Wed, 13 Mar 2024 20:34:25 GMT
                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Connection: close


Session ID:6
Source IP:192.168.2.4
Source Port:49766
Destination IP:34.117.223.223
Destination Port:443
PID:2088
Process:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-13 20:35:24 UTC | 188 | OUT | POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
Content-Encoding: gzip
User-Agent: Avast Antivirus
Content-Length: 540
Host: analytics.avcdn.net
2024-03-13 20:35:24 UTC | 540 | OUT | Data: gzip-compressed request body (binary)
2024-03-13 20:35:25 UTC | 255 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Mar 2024 20:35:25 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-03-13 20:35:25 UTC | 24 | IN | Data Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                          Start time:21:33:56
                                                                                                                                                                                                                                                                          Start date:13/03/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Microstub.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:C:\Users\user\Desktop\Microstub.exe
                                                                                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                                                                                          File size:263'576 bytes
                                                                                                                                                                                                                                                                          MD5 hash:02BD5DD672A21A001E4B82E2A6031D30
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                                          Start time:21:33:58
                                                                                                                                                                                                                                                                          Start date:13/03/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.d0a41a8c5e258f0d\avast_free_antivirus_setup_online_x64.exe" /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d
                                                                                                                                                                                                                                                                          Imagebase:0x7ff71dda0000
                                                                                                                                                                                                                                                                          File size:9'894'328 bytes
                                                                                                                                                                                                                                                                          MD5 hash:3EE70E7C9C9C36265A818BA9771BBD4C
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                          Start time:21:34:03
                                                                                                                                                                                                                                                                          Start date:13/03/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.65e28d24bc9dfc42\Instup.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.65e28d24bc9dfc42\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7e6140000
                                                                                                                                                                                                                                                                          File size:3'902'920 bytes
                                                                                                                                                                                                                                                                          MD5 hash:867935B7C2F24E028AE2F3D87409D273
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                          Start time:21:34:18
                                                                                                                                                                                                                                                                          Start date:13/03/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.65e28d24bc9dfc42 /edition:1 /prod:ais /stub_mapping_guid:4187610b-711b-48c0-8fc4-3ab6371c2373:9894328 /guid:59c59de9-e08a-4de2-9992-1a898d661dbe /ga_clientid:807de025-af78-4e87-bb15-77a88d9b68b0 /edat_dir:C:\Windows\Temp\asw.d0a41a8c5e258f0d /online_installer
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6ef710000
File size: 3'902'920 bytes
MD5 hash: 867935B7C2F24E028AE2F3D87409D273
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 8
Start time: 21:34:24
Start date: 13/03/2024
Path: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkGToolbar -elevated
Imagebase: 0x7ff72bec0000
File size: 2'412'488 bytes
MD5 hash: 5A74306235AE537F426B84E2DCD48AFA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 9
Start time: 21:34:24
Start date: 13/03/2024
Path: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" /check_secure_browser
Imagebase: 0xa70000
File size: 2'412'488 bytes
MD5 hash: 5A74306235AE537F426B84E2DCD48AFA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 10
Start time: 21:34:24
Start date: 13/03/2024
Path: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkChrome -elevated
Imagebase: 0xa70000
File size: 2'412'488 bytes
MD5 hash: 5A74306235AE537F426B84E2DCD48AFA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 11
Start time: 21:34:25
Start date: 13/03/2024
Path: C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\Temp\asw.65e28d24bc9dfc42\New_180217d8\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
Imagebase: 0xa70000
File size: 2'412'488 bytes
MD5 hash: 5A74306235AE537F426B84E2DCD48AFA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 13
Start time: 21:34:25
Start date: 13/03/2024
Path: C:\Users\Public\Documents\aswOfferTool.exe
Wow64 process (32bit): true
Commandline: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
Imagebase: 0x3f0000
File size: 2'412'488 bytes
MD5 hash: 5A74306235AE537F426B84E2DCD48AFA
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 12.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 11.7%
Total number of Nodes: 1932
Total number of Limit Nodes: 25
15399->15401 15404 612bb0 45 API calls 15399->15404 15668 613c10 15400->15668 15403 6138a4 15401->15403 15412 6137aa 15401->15412 15415 6137db 15401->15415 15405 613c10 45 API calls 15403->15405 15404->15401 15406 6138a9 15405->15406 15410 624650 26 API calls 15406->15410 15408 6138ae 15411 624650 26 API calls 15408->15411 15409 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15413 61389b 15409->15413 15410->15408 15414 6138b3 15411->15414 15412->15408 15416 61382a 15412->15416 15417 617fe0 GetVersionExW 15413->15417 15415->15406 15415->15416 15416->15409 15418 618049 GetLastError 15417->15418 15419 61800e 15417->15419 15738 617da0 15418->15738 15420 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15419->15420 15422 6154cb 15420->15422 15422->14682 15422->14683 15424 62203a __CxxThrowException@8 RaiseException 15425 618071 15424->15425 15427 617f73 GetLastError 15426->15427 15428 617eba GetTokenInformation 15426->15428 15429 617da0 27 API calls 15427->15429 15743 620ce3 15428->15743 15431 617f87 15429->15431 15433 62203a __CxxThrowException@8 RaiseException 15431->15433 15434 617f95 GetLastError 15433->15434 15436 617da0 27 API calls 15434->15436 15439 617fa9 15436->15439 15438 617fb7 GetLastError 15440 617da0 27 API calls 15438->15440 15443 62203a __CxxThrowException@8 RaiseException 15439->15443 15444 617fcb 15440->15444 15443->15438 15446 62203a __CxxThrowException@8 RaiseException 15444->15446 15448 617fd9 15446->15448 15450 6180bf GetCurrentProcess 15449->15450 15451 6180ae 15449->15451 15454 6180e0 15450->15454 15452 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15451->15452 15453 6180bb 15452->15453 15453->14687 15455 618101 GetLastError 15454->15455 15456 6180e6 15454->15456 15458 617da0 27 API calls 15455->15458 15457 620bbe 
__ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15456->15457 15460 6180fd 15457->15460 15459 618115 15458->15459 15461 62203a __CxxThrowException@8 RaiseException 15459->15461 15460->14687 15462 618123 15461->15462 15464 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15463->15464 15465 613b68 CreateMutexW 15464->15465 15465->14699 15465->14700 15744 61b0e0 15466->15744 15584 6111cd 15583->15584 15585 6111c2 SetForegroundWindow 15583->15585 15584->14691 15584->14726 15585->15584 15641 614009 15640->15641 15642 614013 15640->15642 16845 624f49 15641->16845 15642->14776 15645 625090 26 API calls 15644->15645 15646 614813 15645->15646 15646->14812 15648 6141a6 15647->15648 15649 614188 15647->15649 15648->14747 15649->15648 15650 614199 Sleep 15649->15650 15650->15648 15650->15649 15657 612d47 15656->15657 15661 612be0 15656->15661 15683 613c00 15657->15683 15660 612c1a 15673 620bcf 15660->15673 15661->15660 15662 612c4e 15661->15662 15664 612c38 15662->15664 15665 620bcf 22 API calls 15662->15665 15666 624650 26 API calls 15664->15666 15667 612d15 15664->15667 15665->15664 15666->15657 15667->15397 15728 6205bd 15668->15728 15675 620bd4 15673->15675 15676 620bee 15675->15676 15677 627f33 _abort 7 API calls 15675->15677 15679 620bf0 15675->15679 15690 625196 15675->15690 15676->15664 15677->15675 15678 62151f 15680 62203a __CxxThrowException@8 RaiseException 15678->15680 15679->15678 15699 62203a 15679->15699 15681 62153c 15680->15681 15702 62059d 15683->15702 15691 628e23 15690->15691 15692 628e61 15691->15692 15694 628e35 _abort 15691->15694 15695 628e4c HeapAlloc 15691->15695 15693 62517e __dosmaperr 20 API calls 15692->15693 15697 628e66 15693->15697 15694->15692 15694->15695 15698 627f33 _abort 7 API calls 15694->15698 15695->15694 15696 628e5f 15695->15696 15696->15697 15697->15675 15698->15694 15700 62205a RaiseException 15699->15700 15700->15678 
15707 6204eb 15702->15707 15705 62203a __CxxThrowException@8 RaiseException 15706 6205bc 15705->15706 15710 620493 15707->15710 15713 622a76 15710->15713 15712 6204bf 15712->15705 15714 622ab0 15713->15714 15715 622a83 15713->15715 15714->15712 15715->15714 15716 625196 ___std_exception_copy 21 API calls 15715->15716 15717 622aa0 15716->15717 15717->15714 15719 6285fe 15717->15719 15720 62860b 15719->15720 15721 628619 15719->15721 15720->15721 15723 628630 15720->15723 15722 62517e __dosmaperr 20 API calls 15721->15722 15727 628621 15722->15727 15725 62862b 15723->15725 15726 62517e __dosmaperr 20 API calls 15723->15726 15724 624640 __mbsinc 26 API calls 15724->15725 15725->15714 15726->15727 15727->15724 15735 62054b 15728->15735 15731 62203a __CxxThrowException@8 RaiseException 15732 6205dc 15731->15732 15733 617ae6 ___delayLoadHelper2@8 17 API calls 15732->15733 15734 6205f4 15733->15734 15736 620493 std::exception::exception 27 API calls 15735->15736 15737 62055d 15736->15737 15737->15731 15739 622a76 ___std_exception_copy 27 API calls 15738->15739 15740 617ddd 15739->15740 15741 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15740->15741 15742 617df9 15741->15742 15742->15424 15829 61b780 15744->15829 15747 61b741 16054 619da0 15747->16054 15748 61b12c 15753 61b780 39 API calls 15748->15753 15750 61b74b 15751 619da0 RaiseException 15750->15751 15752 61b755 15751->15752 15754 619da0 RaiseException 15752->15754 15755 61b152 15753->15755 15756 61b75f 15754->15756 15755->15750 15757 61b15c 15755->15757 15758 619da0 RaiseException 15756->15758 15764 61b780 39 API calls 15757->15764 15759 61b769 15758->15759 15760 619da0 RaiseException 15759->15760 15761 61b773 15760->15761 15762 624650 26 API calls 15761->15762 15763 61b778 15762->15763 15765 624650 26 API calls 15763->15765 15766 61b182 15764->15766 15767 61b77d 15765->15767 15766->15752 15768 61b18c 15766->15768 15769 61b780 39 API calls 15768->15769 
15770 61b1b2 15769->15770 15770->15756 15771 61b1bc 15770->15771 15844 619530 15771->15844 15773 61b1f2 15774 61b780 39 API calls 15773->15774 15775 61b20a 15774->15775 15775->15759 15776 61b214 15775->15776 15915 618dc0 15776->15915 15778 61b24f 15933 619450 CryptCreateHash 15778->15933 15781 618dc0 35 API calls 15782 61b287 15781->15782 15783 619450 31 API calls 15782->15783 15784 61b2a5 15783->15784 15944 61c500 15784->15944 15830 61b7b1 15829->15830 15841 61b79d 15829->15841 16058 620aca EnterCriticalSection 15830->16058 15832 620aca 5 API calls 15835 61b81b 15832->15835 15833 61b7bb 15834 61b7c7 GetProcessHeap 15833->15834 15833->15841 16063 620f59 15834->16063 15838 620f59 29 API calls 15835->15838 15843 61b122 15835->15843 15840 61b874 15838->15840 15842 620a80 4 API calls 15840->15842 15841->15832 15841->15843 15842->15843 15843->15747 15843->15748 15845 61b780 39 API calls 15844->15845 15846 619566 15845->15846 15847 619571 15846->15847 15848 61981a 15846->15848 15853 61b780 39 API calls 15847->15853 15849 619da0 RaiseException 15848->15849 15850 619824 15849->15850 15851 619da0 RaiseException 15850->15851 15852 61982e 15851->15852 15854 619da0 RaiseException 15852->15854 15855 619595 15853->15855 15856 619838 15854->15856 15855->15850 15857 6195a0 15855->15857 15858 619da0 RaiseException 15856->15858 15863 61b780 39 API calls 15857->15863 15859 619842 15858->15859 15860 619da0 RaiseException 15859->15860 15861 61984c 15860->15861 15862 619da0 RaiseException 15861->15862 15864 619856 15862->15864 15865 6195c4 15863->15865 15866 619da0 RaiseException 15864->15866 15865->15852 15867 6195cf 15865->15867 15868 619860 15866->15868 15873 61b780 39 API calls 15867->15873 15869 619da0 RaiseException 15868->15869 15870 61986a 15869->15870 15871 619da0 RaiseException 15870->15871 15872 619874 15871->15872 15874 619da0 RaiseException 15872->15874 15875 6195f3 15873->15875 15876 61987e 15874->15876 15875->15856 15877 6195fe 15875->15877 15878 619da0 RaiseException 
15876->15878 15883 61b780 39 API calls 15877->15883 15879 619888 15878->15879 15880 619da0 RaiseException 15879->15880 15881 619892 15880->15881 15882 619da0 RaiseException 15881->15882 15884 6197c9 15882->15884 15885 619622 15883->15885 15886 619da0 RaiseException 15884->15886 15914 6197d4 15884->15914 15885->15859 15887 61962d 15885->15887 15888 6198a6 15886->15888 15889 61b780 39 API calls 15887->15889 15888->15773 15890 619651 15889->15890 15890->15861 15891 61965c 15890->15891 15892 61b780 39 API calls 15891->15892 15893 619680 15892->15893 15893->15864 15894 61968b 15893->15894 15895 61b780 39 API calls 15894->15895 15896 6196af 15895->15896 15896->15868 15897 6196ba 15896->15897 15898 61b780 39 API calls 15897->15898 15899 6196de 15898->15899 15899->15870 15900 6196e9 15899->15900 15901 61b780 39 API calls 15900->15901 15902 61970d 15901->15902 15902->15872 15903 619718 15902->15903 15904 61b780 39 API calls 15903->15904 15905 61973c 15904->15905 15905->15876 15906 619747 15905->15906 15907 61b780 39 API calls 15906->15907 15908 61976b 15907->15908 15908->15879 15909 619776 15908->15909 15910 61b780 39 API calls 15909->15910 15911 61979a 15910->15911 15911->15881 15912 6197a5 15911->15912 15913 61b780 39 API calls 15912->15913 15913->15884 15914->15773 15916 618e3e ___scrt_fastfail 15915->15916 15917 617fe0 30 API calls 15916->15917 15918 618e46 15917->15918 15919 618e4d lstrcatA 15918->15919 15920 618e5c CryptAcquireContextA 15918->15920 15919->15920 15921 618ea7 GetLastError 15920->15921 15922 618e77 15920->15922 15923 617da0 27 API calls 15921->15923 15924 618e82 CryptReleaseContext 15922->15924 15925 618e8b 15922->15925 15926 618ebe 15923->15926 15924->15925 15927 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15925->15927 15928 62203a __CxxThrowException@8 RaiseException 15926->15928 15929 618ea3 15927->15929 15930 618ecf 15928->15930 15929->15778 15931 618ed6 CryptReleaseContext 15930->15931 
15932 618edf 15930->15932 15931->15932 15932->15778 15934 61947a 15933->15934 15935 61949f GetLastError 15933->15935 15936 619488 CryptDestroyHash 15934->15936 15937 61948f 15934->15937 15938 617da0 27 API calls 15935->15938 15936->15937 15939 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15937->15939 15940 6194b3 15938->15940 15941 619499 15939->15941 15942 62203a __CxxThrowException@8 RaiseException 15940->15942 15941->15781 15943 6194c1 15942->15943 15945 61b780 39 API calls 15944->15945 15946 61c53d 15945->15946 15947 61c547 15946->15947 15948 61c88c 15946->15948 15954 61b780 39 API calls 15947->15954 15949 619da0 RaiseException 15948->15949 15950 61c896 15949->15950 15951 619da0 RaiseException 15950->15951 15952 61c8a0 15951->15952 15953 619da0 RaiseException 15952->15953 15955 61c8aa 15953->15955 15956 61c56a 15954->15956 15957 619da0 RaiseException 15955->15957 15956->15950 15958 61c574 15956->15958 15959 61c8b4 15957->15959 15960 61b780 39 API calls 15958->15960 15961 61c594 15960->15961 15961->15952 15963 61c59e 15961->15963 15962 61c5f7 GetSystemDirectoryW 15965 61c607 GetLastError 15962->15965 15967 61c614 15962->15967 15963->15962 16110 61c920 15963->16110 15965->15967 15967->15955 15968 61c677 GetVolumePathNameW 15967->15968 15969 61c920 RaiseException 15967->15969 15972 61c7fd 15967->15972 15970 61c688 GetLastError 15968->15970 15976 61c693 15968->15976 15971 61c671 15969->15971 15970->15976 15971->15968 15973 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 15972->15973 15974 61b3f1 15973->15974 15990 61a100 15974->15990 15975 61c6e5 GetVolumeNameForVolumeMountPointW 15978 61c6f6 GetLastError 15975->15978 15986 61c701 15975->15986 15976->15955 15976->15972 15976->15975 15977 61c920 RaiseException 15976->15977 15979 61c6e2 15977->15979 15978->15986 15979->15975 15980 61c79e CreateFileW 15981 61c7c3 DeviceIoControl 15980->15981 15982 
61c7b8 GetLastError 15980->15982 15983 61c7e3 GetLastError 15981->15983 15984 61c7ee 15981->15984 15982->15972 15985 61c7f6 CloseHandle 15983->15985 15984->15985 15985->15972 15986->15955 15986->15972 15986->15980 15987 61c789 15986->15987 15988 61c920 RaiseException 15986->15988 15987->15955 15989 61c795 15987->15989 15988->15987 15989->15980 15991 61b780 39 API calls 15990->15991 15992 61a144 15991->15992 15993 61a4b7 15992->15993 15994 61a14e GetVersion 15992->15994 15995 619da0 RaiseException 15993->15995 16129 619ff0 15994->16129 15996 61a4c1 15995->15996 15997 619da0 RaiseException 15996->15997 15998 61a4cb 15997->15998 16001 619da0 RaiseException 15998->16001 16003 61a4d5 16001->16003 16002 61a19a CreateFileW 16004 61a1c7 16002->16004 16005 61a1b9 GetLastError 16002->16005 16006 61cc40 RaiseException 16003->16006 16007 625196 ___std_exception_copy 21 API calls 16004->16007 16011 61a46e 16005->16011 16008 61a4da 16006->16008 16009 61a1d1 ___scrt_fastfail 16007->16009 16012 61a1f6 DeviceIoControl 16009->16012 16029 61a1dd 16009->16029 16010 61a465 CloseHandle 16010->16011 16013 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 16011->16013 16015 61a22b GetLastError 16012->16015 16016 61a239 16012->16016 16014 61a4b3 16013->16014 16045 61a4e0 16014->16045 16015->16010 16017 61a41b 16016->16017 16020 61a265 16016->16020 16016->16029 16018 61a422 16017->16018 16019 61a438 16017->16019 16022 61cb70 27 API calls 16018->16022 16026 61cb70 27 API calls 16019->16026 16021 61b780 39 API calls 16020->16021 16024 61a26e 16021->16024 16025 61a42e 16022->16025 16024->15996 16031 61a279 16024->16031 16027 61cc50 43 API calls 16025->16027 16028 61a454 16026->16028 16027->16029 16030 61cc50 43 API calls 16028->16030 16029->16010 16030->16029 16031->15998 16032 61a2bb 16031->16032 16142 61c8c0 16031->16142 16146 61cdd0 16032->16146 16035 61a2cc 16035->15998 16036 61a2fa 16035->16036 16037 61a3d7 16036->16037 16040 
61a334 16036->16040 16041 61a35a 16036->16041 16176 61cb70 16037->16176 16040->16003 16040->16041 16042 61a385 16040->16042 16043 61a39e 16041->16043 16156 61cfb0 16042->16156 16043->16041 16198 61cc50 16043->16198 16046 61b780 39 API calls 16045->16046 16047 61a523 16046->16047 16048 619da0 RaiseException 16047->16048 16049 61a8e1 16048->16049 16050 619da0 RaiseException 16049->16050 16051 61a8eb 16050->16051 16052 61cc40 RaiseException 16051->16052 16053 61a8f0 16052->16053 16055 619daf 16054->16055 16056 62203a __CxxThrowException@8 RaiseException 16055->16056 16057 619dbd 16056->16057 16057->15750 16059 620ade 16058->16059 16060 620ae3 LeaveCriticalSection 16059->16060 16070 620b5e 16059->16070 16060->15833 16073 620f1e 16063->16073 16066 620a80 EnterCriticalSection LeaveCriticalSection 16067 620b1c 16066->16067 16068 620b25 16067->16068 16069 620b4a SetEvent ResetEvent 16067->16069 16068->15841 16069->15841 16071 620b97 LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 16070->16071 16072 620b6b 16070->16072 16071->16072 16072->16059 16074 620f42 16073->16074 16075 620f3b 16073->16075 16082 62838c 16074->16082 16079 62831c 16075->16079 16078 61b802 16078->16066 16080 62838c __onexit 29 API calls 16079->16080 16081 62832e 16080->16081 16081->16078 16085 628093 16082->16085 16088 627fc9 16085->16088 16087 6280b7 16087->16078 16089 627fd5 ___scrt_is_nonwritable_in_current_image 16088->16089 16096 62b0d1 EnterCriticalSection 16089->16096 16091 627fe3 16097 6281db 16091->16097 16093 627ff0 16107 62800e 16093->16107 16095 628001 __onexit 16095->16087 16096->16091 16098 6281f1 __onexit __crt_fast_encode_pointer 16097->16098 16099 6281f9 16097->16099 16098->16093 16099->16098 16101 628586 __onexit 29 API calls 16099->16101 16106 628252 16099->16106 16100 628586 __onexit 29 API calls 16103 628268 16100->16103 16102 628248 16101->16102 16104 628de9 _free 20 API calls 16102->16104 16105 628de9 _free 20 API calls 16103->16105 16104->16106 16105->16098 
16106->16098 16106->16100 16108 62b121 _abort LeaveCriticalSection 16107->16108 16109 628018 16108->16109 16109->16095 16111 61c939 16110->16111 16115 61c947 16110->16115 16117 619f40 16111->16117 16113 61c5f4 16113->15962 16115->16113 16121 61c9d0 16115->16121 16118 619f69 16117->16118 16126 61cc40 16118->16126 16122 61c9e3 16121->16122 16123 61cc40 RaiseException 16122->16123 16124 61ca06 16122->16124 16125 61ca15 16123->16125 16124->16113 16125->16113 16127 619da0 RaiseException 16126->16127 16128 61cc4a 16127->16128 16130 61a005 ___scrt_initialize_default_local_stdio_options 16129->16130 16131 61a071 16129->16131 16226 62706b 16130->16226 16132 619da0 RaiseException 16131->16132 16141 61a07b 16131->16141 16133 61a097 16132->16133 16134 619da0 RaiseException 16133->16134 16136 61a0a1 16134->16136 16136->16002 16138 61a054 16229 62708f 16138->16229 16140 61c920 RaiseException 16140->16138 16141->16002 16143 61c8e7 16142->16143 16144 61c913 16143->16144 16508 61c980 16143->16508 16144->16032 16151 61cde8 16146->16151 16149 6252a8 42 API calls 16150 61ce96 16149->16150 16150->16149 16155 61cf12 16150->16155 16151->16150 16154 61ce64 16151->16154 16513 6255d7 16151->16513 16517 6252a8 16151->16517 16522 625279 16151->16522 16153 625279 42 API calls 16153->16154 16154->16150 16154->16153 16155->16035 16157 61cfc0 16156->16157 16158 61cfbb 16156->16158 16159 61cfc7 16157->16159 16164 61cfdf ___scrt_fastfail 16157->16164 16158->16043 16160 62517e __dosmaperr 20 API calls 16159->16160 16161 61cfcc 16160->16161 16163 624640 __mbsinc 26 API calls 16161->16163 16162 61cfef 16162->16043 16167 61cfd7 16163->16167 16164->16162 16165 61d011 16164->16165 16166 61d02b 16164->16166 16168 62517e __dosmaperr 20 API calls 16165->16168 16169 61d021 16166->16169 16171 62517e __dosmaperr 20 API calls 16166->16171 16167->16043 16170 61d016 16168->16170 16169->16043 16172 624640 __mbsinc 26 API calls 16170->16172 16173 61d034 16171->16173 16172->16169 16174 624640 __mbsinc 26 API calls 
16173->16174 16175 61d03f 16174->16175 16175->16043 16177 61cb81 16176->16177 16182 61cb8e 16176->16182 16597 619dd0 16177->16597 16179 619da0 RaiseException 16181 61cc3f 16179->16181 16185 61c8c0 RaiseException 16182->16185 16186 61cbca 16182->16186 16191 61cbe8 BuildCatchObjectHelperInternal 16182->16191 16183 61cbd4 16188 61cbd8 16183->16188 16189 61cbea 16183->16189 16184 61cc0e 16187 61cfb0 26 API calls 16184->16187 16185->16186 16186->16183 16186->16184 16187->16191 16190 62517e __dosmaperr 20 API calls 16188->16190 16189->16191 16193 62517e __dosmaperr 20 API calls 16189->16193 16192 61cbdd 16190->16192 16191->16179 16194 61cc24 16191->16194 16195 624640 __mbsinc 26 API calls 16192->16195 16196 61cbf4 16193->16196 16194->16041 16195->16191 16197 624640 __mbsinc 26 API calls 16196->16197 16197->16191 16201 61cc5f 16198->16201 16222 61ccb7 16198->16222 16199 627266 42 API calls 16204 61ccdd 16199->16204 16217 61cc8e 16201->16217 16602 627266 16201->16602 16605 6271c2 16201->16605 16202 6271c2 __mbsinc 38 API calls 16202->16204 16204->16202 16205 627266 42 API calls 16204->16205 16208 61ccfc 16204->16208 16205->16204 16206 619da0 RaiseException 16209 61cdaf 16206->16209 16207 61cd27 16211 61cd53 16207->16211 16212 61cd3c 16207->16212 16224 61cd4c BuildCatchObjectHelperInternal 16207->16224 16208->16207 16210 61c8c0 RaiseException 16208->16210 16218 61cd88 16208->16218 16223 61cd96 16208->16223 16210->16207 16216 62517e __dosmaperr 20 API calls 16211->16216 16211->16224 16213 62517e __dosmaperr 20 API calls 16212->16213 16215 61cd41 16213->16215 16219 624640 __mbsinc 26 API calls 16215->16219 16220 61cd60 16216->16220 16217->16218 16221 61c8c0 RaiseException 16217->16221 16217->16222 16218->16206 16218->16223 16219->16224 16225 624640 __mbsinc 26 API calls 16220->16225 16221->16222 16222->16199 16222->16218 16223->16029 16613 619d00 16224->16613 16225->16224 16232 625bc9 16226->16232 16454 625d4e 16229->16454 16231 6270ae 16231->16131 16233 625bf1 16232->16233 
16234 625c09 16232->16234 16235 62517e __dosmaperr 20 API calls 16233->16235 16234->16233 16236 625c11 16234->16236 16237 625bf6 16235->16237 16249 624dd3 16236->16249 16239 624640 __mbsinc 26 API calls 16237->16239 16247 625c01 16239->16247 16241 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 16243 61a026 16241->16243 16243->16133 16243->16138 16243->16140 16247->16241 16250 624df0 16249->16250 16251 624de6 16249->16251 16250->16251 16277 628aa5 GetLastError 16250->16277 16257 626089 16251->16257 16253 624e11 16297 628d51 16253->16297 16258 6260a8 16257->16258 16259 62517e __dosmaperr 20 API calls 16258->16259 16260 625c99 16259->16260 16261 6263a8 16260->16261 16337 624e82 16261->16337 16263 6263cd 16264 62517e __dosmaperr 20 API calls 16263->16264 16265 6263d2 16264->16265 16267 624640 __mbsinc 26 API calls 16265->16267 16266 625ca4 16274 6260be 16266->16274 16267->16266 16268 6263b8 16268->16263 16268->16266 16344 626505 16268->16344 16351 626941 16268->16351 16356 62653f 16268->16356 16361 626568 16268->16361 16392 6266e4 16268->16392 16275 628de9 _free 20 API calls 16274->16275 16276 6260ce 16275->16276 16276->16247 16278 628ac1 16277->16278 16279 628abb 16277->16279 16281 62a272 _abort 20 API calls 16278->16281 16283 628b10 SetLastError 16278->16283 16280 62b2fb _abort 11 API calls 16279->16280 16280->16278 16282 628ad3 16281->16282 16284 628adb 16282->16284 16285 62b351 _abort 11 API calls 16282->16285 16283->16253 16286 628de9 _free 20 API calls 16284->16286 16287 628af0 16285->16287 16288 628ae1 16286->16288 16287->16284 16289 628af7 16287->16289 16291 628b1c SetLastError 16288->16291 16290 62890c _abort 20 API calls 16289->16290 16292 628b02 16290->16292 16305 628658 16291->16305 16294 628de9 _free 20 API calls 16292->16294 16296 628b09 16294->16296 16296->16283 16296->16291 16298 628d64 16297->16298 16299 624e2a 16297->16299 16298->16299 16316 62bdf4 16298->16316 16301 628d7e 16299->16301 
16302 628d91 16301->16302 16303 628da6 16301->16303 16302->16303 16328 62acee 16302->16328 16303->16251 16306 62c0a6 _abort EnterCriticalSection LeaveCriticalSection 16305->16306 16307 62865d 16306->16307 16309 62c101 _abort 37 API calls 16307->16309 16312 628668 16307->16312 16308 628672 IsProcessorFeaturePresent 16310 62867d 16308->16310 16309->16312 16313 624476 _abort 8 API calls 16310->16313 16311 627d76 _abort 28 API calls 16314 62869a 16311->16314 16312->16308 16315 628690 16312->16315 16313->16315 16315->16311 16317 62be00 ___scrt_is_nonwritable_in_current_image 16316->16317 16318 628aa5 _abort 38 API calls 16317->16318 16319 62be09 16318->16319 16320 62b0d1 _abort EnterCriticalSection 16319->16320 16327 62be57 __onexit 16319->16327 16321 62be27 16320->16321 16322 62be6b __fassign 20 API calls 16321->16322 16323 62be3b 16322->16323 16324 62be5a __fassign LeaveCriticalSection 16323->16324 16325 62be4e 16324->16325 16326 628658 _abort 38 API calls 16325->16326 16325->16327 16326->16327 16327->16299 16329 62acfa ___scrt_is_nonwritable_in_current_image 16328->16329 16330 628aa5 _abort 38 API calls 16329->16330 16335 62ad04 16330->16335 16331 62b0d1 _abort EnterCriticalSection 16331->16335 16332 62ad88 __onexit 16332->16303 16333 628658 _abort 38 API calls 16333->16335 16334 62ad7f __fassign LeaveCriticalSection 16334->16335 16335->16331 16335->16332 16335->16333 16335->16334 16336 628de9 _free 20 API calls 16335->16336 16336->16335 16338 624e87 16337->16338 16339 624e9a 16337->16339 16340 62517e __dosmaperr 20 API calls 16338->16340 16339->16268 16341 624e8c 16340->16341 16342 624640 __mbsinc 26 API calls 16341->16342 16343 624e97 16342->16343 16343->16268 16345 62650a 16344->16345 16346 626521 16345->16346 16347 62517e __dosmaperr 20 API calls 16345->16347 16346->16268 16348 626513 16347->16348 16349 624640 __mbsinc 26 API calls 16348->16349 16350 62651e 16349->16350 16350->16268 16352 626952 16351->16352 16353 626948 16351->16353 16352->16268 16416 62621a 
16353->16416 16357 626550 16356->16357 16358 626546 16356->16358 16357->16268 16359 62621a 39 API calls 16358->16359 16360 62654f 16359->16360 16360->16268 16362 626571 16361->16362 16363 62658b 16361->16363 16364 6265bc 16362->16364 16366 626776 16362->16366 16367 62670b 16362->16367 16363->16364 16365 62517e __dosmaperr 20 API calls 16363->16365 16364->16268 16368 6265a8 16365->16368 16369 62674d 16366->16369 16371 6267bc 16366->16371 16372 62677d 16366->16372 16367->16369 16373 626717 16367->16373 16370 624640 __mbsinc 26 API calls 16368->16370 16390 626732 16369->16390 16391 626746 16369->16391 16433 626c36 16369->16433 16374 6265b3 16370->16374 16447 626e13 16371->16447 16375 626782 16372->16375 16383 626724 16372->16383 16380 62675d 16373->16380 16373->16383 16373->16390 16374->16268 16375->16369 16377 626787 16375->16377 16381 62679a 16377->16381 16382 62678c 16377->16382 16380->16391 16419 626b9e 16380->16419 16427 626d80 16381->16427 16382->16391 16423 626df4 16382->16423 16383->16390 16383->16391 16439 626a2c 16383->16439 16385 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 16388 62693d 16385->16388 16388->16268 16390->16391 16450 626f46 16390->16450 16391->16385 16393 626776 16392->16393 16394 62670b 16392->16394 16395 62674d 16393->16395 16396 6267bc 16393->16396 16397 62677d 16393->16397 16394->16395 16398 626717 16394->16398 16401 626c36 26 API calls 16395->16401 16414 626732 16395->16414 16415 626746 16395->16415 16400 626e13 26 API calls 16396->16400 16399 626782 16397->16399 16405 626724 16397->16405 16404 62675d 16398->16404 16398->16405 16398->16414 16399->16395 16403 626787 16399->16403 16400->16414 16401->16414 16402 626a2c 48 API calls 16402->16414 16406 62679a 16403->16406 16407 62678c 16403->16407 16410 626b9e 40 API calls 16404->16410 16404->16415 16405->16402 16405->16414 16405->16415 16408 626d80 26 API calls 16406->16408 16411 626df4 26 API calls 16407->16411 16407->16415 
16408->16414 16409 620bbe __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 16412 62693d 16409->16412 16410->16414 16411->16414 16412->16268 16413 626f46 40 API calls 16413->16415 16414->16413 16414->16415 16415->16409 16417 629132 39 API calls 16416->16417 16418 626243 16417->16418 16418->16268 16420 626bca 16419->16420 16421 62915e __fassign 40 API calls 16420->16421 16422 626bf9 16420->16422 16421->16422 16422->16390 16424 626e00 16423->16424 16425 626c36 26 API calls 16424->16425 16426 626e12 16425->16426 16426->16390 16428 626d95 16427->16428 16429 62517e __dosmaperr 20 API calls 16428->16429 16432 626da9 16428->16432 16430 626d9e 16429->16430 16431 624640 __mbsinc 26 API calls 16430->16431 16431->16432 16432->16390 16434 626c47 16433->16434 16435 62517e __dosmaperr 20 API calls 16434->16435 16438 626c71 16434->16438 16436 626c66 16435->16436 16437 624640 __mbsinc 26 API calls 16436->16437 16437->16438 16438->16390 16440 626a48 16439->16440 16441 625de0 21 API calls 16440->16441 16442 626a95 16441->16442 16443 629b3d 40 API calls 16442->16443 16444 626b0f 16443->16444 16445 6261be 46 API calls 16444->16445 16446 626b2e 16444->16446 16445->16446 16446->16390 16448 626c36 26 API calls 16447->16448 16449 626e2a 16448->16449 16449->16390 16451 626fa6 16450->16451 16453 626f58 16450->16453 16451->16391 16452 62915e __fassign 40 API calls 16452->16453 16453->16451 16453->16452 16455 625d59 16454->16455 16456 625d6e 16454->16456 16457 62517e __dosmaperr 20 API calls 16455->16457 16458 625db2 16456->16458 16461 625d7c 16456->16461 16460 625d5e 16457->16460 16459 62517e __dosmaperr 20 API calls 16458->16459 16465 625daa 16459->16465 16462 624640 __mbsinc 26 API calls 16460->16462 16470 625a44 16461->16470 16466 625d69 16462->16466 16467 624640 __mbsinc 26 API calls 16465->16467 16466->16231 16468 625dc2 16467->16468 16468->16231 16469 62517e __dosmaperr 20 API calls 16469->16465 16471 625a84 16470->16471 16472 625a6c 
APIs
• InterlockedExchange.KERNEL32(?,00000103), ref: 0061548F
  • Part of subcall function 00617FE0: GetVersionExW.KERNEL32(?), ref: 00618004
• GetCurrentProcess.KERNEL32 ref: 006154D6
  • Part of subcall function 00617E70: OpenProcessToken.ADVAPI32(Ta,00000008,?,7A2810E3,?,00000000), ref: 00617EAC
  • Part of subcall function 00617E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,006320C0), ref: 00617ED9
  • Part of subcall function 00617E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00617F15
                                                                                                                                                                                                                                                                              • Part of subcall function 00617E70: IsValidSid.ADVAPI32 ref: 00617F22
                                                                                                                                                                                                                                                                              • Part of subcall function 00617E70: GetSidSubAuthorityCount.ADVAPI32 ref: 00617F31
                                                                                                                                                                                                                                                                              • Part of subcall function 00617E70: GetSidSubAuthority.ADVAPI32(?,?), ref: 00617F3D
                                                                                                                                                                                                                                                                              • Part of subcall function 00617E70: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00617F4F
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,0000052F), ref: 006154FC
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000000), ref: 0061550A
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000000C1), ref: 00615593
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000000), ref: 006155A2
                                                                                                                                                                                                                                                                            • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 006155D9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006155E9
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000420), ref: 00615602
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006175E3
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006175F4
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00617605
                                                                                                                                                                                                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 006176A1
                                                                                                                                                                                                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 006176B3
                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 006176EF
                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00617707
                                                                                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 00617718
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0061771F
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00617817
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: #17.COMCTL32 ref: 00613B84
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: LoadStringW.USER32(00610000,000003E9,?,00000000), ref: 00613BA1
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: LoadStringW.USER32(00610000,?,?,00000000), ref: 00613BBA
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00613BCF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExchangeInterlocked$Close$Handle$LoadToken$AuthorityCreateInformationMutexProcessString_wcsrchr$ChangeCopyCountCurrentErrorFileFindHardHelper2@8LastLinkMessageNotificationOpenReleaseValidVersion___delay
                                                                                                                                                                                                                                                                            • String ID: $ /cookie:$ /edat_dir:$ /ga_clientid:$ /sub_edition:$%s\%s$/cookie$/cust_ini$/ppi_icd$/silent$/smbupd$AuthorizationType$Avast One$D$Enabled$Password$Port$Properties$ProxySettings$ProxyType$User$User-Agent: avast! Antivirus (instup)$X>c$allow_fallback$avcfg://settings/Common/VersionSwitch$count$enable$http://$https://$installer.exe$mirror$server0$servers$stable$urlpgm${versionSwitch}
                                                                                                                                                                                                                                                                            • API String ID: 1293912049-2085379066
                                                                                                                                                                                                                                                                            • Opcode ID: 18e338db307d16225148032ebb9cb548f0b378d7d1014f0e0188d34a9978bf33
                                                                                                                                                                                                                                                                            • Instruction ID: 48756bf310fe30b167d7a0fac113e1752727d307a82915b8deb5c9f381903b17
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18e338db307d16225148032ebb9cb548f0b378d7d1014f0e0188d34a9978bf33
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC238C71E012289AEF64DB64CC45BEDB7BAAF45305F0841D9E409A3292DB70AFC4CF91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetVersion.KERNEL32(7A2810E3,00000000,00000000), ref: 0061BBCD
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemFirmwareTable), ref: 0061BC00
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0061BC07
                                                                                                                                                                                                                                                                            • GetSystemFirmwareTable.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0061BC26
                                                                                                                                                                                                                                                                            • GetSystemFirmwareTable.KERNELBASE ref: 0061BCB9
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll,NtOpenSection), ref: 0061BD1B
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0061BD22
                                                                                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,00000004,00000000,000F0000,00010000), ref: 0061BD88
                                                                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 0061BE31
                                                                                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,00000004,00000000,?,?), ref: 0061BE5A
                                                                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 0061BECA
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0061BF30
                                                                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 0061C466
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileView$HandleUnmap$AddressFirmwareModuleProcSystemTable$CloseVersion
                                                                                                                                                                                                                                                                            • String ID: ,$@$GetSystemFirmwareTable$LKc$NtOpenSection$W$_DMI$_SM_$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 26960555-3227203150
                                                                                                                                                                                                                                                                            • Opcode ID: 730e1e872a41f2eeb90469cc54c7f0796f367dd64fdbb57c334295d56bfde7e6
                                                                                                                                                                                                                                                                            • Instruction ID: bfdce157faa7d101047e161429a1720b59d4f6047f51f16828e590a0955ae799
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 730e1e872a41f2eeb90469cc54c7f0796f367dd64fdbb57c334295d56bfde7e6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E52B2B1E006589FDB10CFA8CC55BEEBBF6AF49324F184119E955EB341D730A982CB94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 995 611930-611960 FindResourceW 996 6119d1-6119d6 995->996 997 611962-611977 SizeofResource LoadResource 995->997 998 611bd9-611beb call 620bbe 996->998 999 6119dc-6119ee CoInitializeEx 996->999 997->996 1000 611979-611984 LockResource 997->1000 1001 6119f4-611a0e CoCreateInstance 999->1001 1002 611a96-611a9b 999->1002 1000->996 1004 611986-611995 GlobalAlloc 1000->1004 1001->1002 1005 611a14-611a2c 1001->1005 1006 611aad-611ab2 1002->1006 1007 611a9d-611aab 1002->1007 1004->996 1009 611997-6119a0 GlobalLock 1004->1009 1005->1002 1024 611a2e-611a4a 1005->1024 1010 611bb5-611bd8 call 620bbe 1006->1010 1011 611ab8-611ae7 1006->1011 1007->1006 1012 6119c3-6119c8 1009->1012 1013 6119a2-6119bd call 6217c0 GlobalUnlock CreateStreamOnHGlobal 1009->1013 1025 611ba5-611bb3 1011->1025 1026 611aed-611af2 1011->1026 1012->999 1014 6119ca-6119cb GlobalFree 1012->1014 1013->1012 1014->996 1024->1002 1035 611a4c-611a50 1024->1035 1025->1010 1026->1025 1028 611af8-611afd 1026->1028 1028->1025 1032 611b03-611b68 GetDC CreateDIBSection ReleaseDC 1028->1032 1032->1025 1033 611b6a-611b8f 1032->1033 1039 611b91-611b93 1033->1039 1035->1002 1036 611a52-611a70 1035->1036 1036->1002 1042 611a72-611a7e call 617809 1036->1042 1039->1025 1040 611b95-611b9e DeleteObject 1039->1040 1040->1025 1044 611a83-611a94 1042->1044 1044->1002
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,?,PNG,?,?,?), ref: 00611956
                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,?,?), ref: 00611964
                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,?), ref: 0061196F
                                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,?), ref: 0061197A
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000002,?,?,?,?), ref: 0061198B
                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000,?,?,?), ref: 00611998
                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?), ref: 006119B0
                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?), ref: 006119BD
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 006119CB
                                                                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,?,?), ref: 006119E6
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00633EF4,00000000,00000001,0063366C,?,?,?,?), ref: 00611A06
                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00611B3B
                                                                                                                                                                                                                                                                            • CreateDIBSection.GDI32(00000000,00000028,00000000,00000000,00000000,00000000), ref: 00611B52
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00611B5E
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00611B98
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Global$Resource$Create$Lock$AllocDeleteFindFreeInitializeInstanceLoadObjectReleaseSectionSizeofStreamUnlock
                                                                                                                                                                                                                                                                            • String ID: ($PNG
                                                                                                                                                                                                                                                                            • API String ID: 3552602207-4064097209
                                                                                                                                                                                                                                                                            • Opcode ID: f1278f787ac496137085e28b7abb8209847823a69949184be64a9a002ab5059a
                                                                                                                                                                                                                                                                            • Instruction ID: e75c4bca4bfc7be1e8b533b6874b547b4acebcb8cd03d2e7c529b3d2cafab617
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1278f787ac496137085e28b7abb8209847823a69949184be64a9a002ab5059a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05917C71A01229AFDB00CFA5DC98BEEBBBAFF49700F145159E905AB350DB719E41CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 006141D4
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006141ED
                                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(0000009C,?,?,00989680,00000000), ref: 00614217
                                                                                                                                                                                                                                                                            • GetNativeSystemInfo.KERNELBASE(?), ref: 0061422E
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 006142DC
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 006142FF
                                                                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00614316
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0061436E
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: SystemTimewsprintf$FileInfoNativeUnothrow_t@std@@@Version__ehfuncinfo$??2@lstrcatlstrlen
                                                                                                                                                                                                                                                                            • String ID: status=%08lxstatus_microstub=%08lx%08lx$AMD64$cookie=%lsedition=%ldevent=%smidex=%lsstat_session=%lsstatsSendTime=%I64dos=win,%d,%d,%d,%d,%d,%s%sexe_version=%lsSfxVersion=%ls$microstub$srv$x:c$8c$:c
                                                                                                                                                                                                                                                                            • API String ID: 2179732243-4278577565
                                                                                                                                                                                                                                                                            • Opcode ID: 375051427abfcd64dd20ccf0a28fce962e0b1e951a55be74e3fed5f0bcd567f6
                                                                                                                                                                                                                                                                            • Instruction ID: 03a3e6ebe5fea3e8d61ff9389f22c66ba7601700eecfa849f85662500d55f3f2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 375051427abfcd64dd20ccf0a28fce962e0b1e951a55be74e3fed5f0bcd567f6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A5141B1A002289FDF60CF64DC44B9ABBBAEF48305F0041D9EA09A7251DB719E94DF94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 1217 6138c0-6138f1 CreateFileMappingW 1218 613900-613914 MapViewOfFile 1217->1218 1219 6138f3-6138fb GetLastError 1217->1219 1221 613920-61392d FindResourceW 1218->1221 1222 613916-61391e GetLastError 1218->1222 1220 613996-6139b1 SetLastError call 620bbe 1219->1220 1225 61397f-613985 GetLastError 1221->1225 1226 61392f-613939 LoadResource 1221->1226 1224 61398e-613995 CloseHandle 1222->1224 1224->1220 1227 613987-613988 UnmapViewOfFile 1225->1227 1226->1225 1229 61393b-613953 call 620602 1226->1229 1227->1224 1229->1225 1232 613955-61397d wsprintfW 1229->1232 1232->1227
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileMappingW.KERNELBASE(?,00000000,01000002,00000000,00000000,00000000,?), ref: 006138E7
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006138F3
                                                                                                                                                                                                                                                                            • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?), ref: 0061390A
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00613916
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0061398F
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 00613997
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$File$CloseCreateHandleMappingView
                                                                                                                                                                                                                                                                            • String ID: %d.%d.%d.%d
                                                                                                                                                                                                                                                                            • API String ID: 1867540158-3491811756
                                                                                                                                                                                                                                                                            • Opcode ID: 7df6bb1f817df9213e104806e75f562411e4f615d1586ee4d68b998107154de5
                                                                                                                                                                                                                                                                            • Instruction ID: da1dc4fec1873552db4579d2225319661eb6e3a86366db5842f9639ed93420ed
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7df6bb1f817df9213e104806e75f562411e4f615d1586ee4d68b998107154de5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA218F71A00224BBD7205B659C49BBBBB6AEB44B51F144459FD06E6381EB748A41CBA0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetVersion.KERNEL32 ref: 0061A180
                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 0061A1A9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0061A1B9
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0061A468
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLastVersion
                                                                                                                                                                                                                                                                            • String ID: DVa$SCSIDISK$\\.\PhysicalDrive%u$\\.\Scsi%u:
                                                                                                                                                                                                                                                                            • API String ID: 1515857667-20699572
                                                                                                                                                                                                                                                                            • Opcode ID: 605ba85559e93773499dadf6f2e85b7a05907da2503dfb2eb21e6b11b5e2d2a0
                                                                                                                                                                                                                                                                            • Instruction ID: 34f553c70709e1d17f729755359468a920c6e23b7a6af0dbb746095f463a4d31
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 605ba85559e93773499dadf6f2e85b7a05907da2503dfb2eb21e6b11b5e2d2a0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22C1AF70A01218DFDB14DFA4D885AEDB7B6FF48310F18815DE806AB391DB71AD41CBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00617FE0: GetVersionExW.KERNEL32(?), ref: 00618004
                                                                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?, (Prototype),?,7A2810E3,?), ref: 00618E56
                                                                                                                                                                                                                                                                            • CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,7A2810E3,?), ref: 00618E6D
                                                                                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000,?,7A2810E3,?), ref: 00618E85
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,7A2810E3,?), ref: 00618EAC
                                                                                                                                                                                                                                                                              • Part of subcall function 00617DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00617DD8
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00618ECA
                                                                                                                                                                                                                                                                              • Part of subcall function 0062203A: RaiseException.KERNEL32(?,?,00618071,?,?,?,?,?,?,?,?,00618071,?,0063B144,00000000), ref: 0062209A
                                                                                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000,?,0063B144,00000000,?,7A2810E3,?), ref: 00618ED9
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ContextCrypt$Release$AcquireErrorExceptionException@8LastRaiseThrowVersion___std_exception_copylstrcat
                                                                                                                                                                                                                                                                            • String ID: (Prototype)$Unable to acquire cryptographic provider!$vider
                                                                                                                                                                                                                                                                            • API String ID: 2041426586-155044149
                                                                                                                                                                                                                                                                            • Opcode ID: a17b36a8eb6aa0c367c6e2fa81d1f53fdb58e05dffc27a315fb13aaa797242d1
                                                                                                                                                                                                                                                                            • Instruction ID: 779b2129a45f0968a89329e541e029d0f38fbf14c60f8fd729d396aca3691e6b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a17b36a8eb6aa0c367c6e2fa81d1f53fdb58e05dffc27a315fb13aaa797242d1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E317075D046189BDB10DFA8DC45BEEB7B9FF08704F10521AF904A7291EF706584CB94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptGenRandom.ADVAPI32(00000008,00619209,7A2810E3,?,00619209,0000800C,?,?,0063B144,00000000,?,?,?,?,00632269,000000FF), ref: 006192A8
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to generate random number!,?,00619209,0000800C,?,?,0063B144,00000000,?,?,?,?,00632269,000000FF), ref: 00619320
                                                                                                                                                                                                                                                                              • Part of subcall function 00617DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00617DD8
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00619338
                                                                                                                                                                                                                                                                              • Part of subcall function 0062203A: RaiseException.KERNEL32(?,?,00618071,?,?,?,?,?,?,?,?,00618071,?,0063B144,00000000), ref: 0062209A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptErrorExceptionException@8LastRaiseRandomThrow___std_exception_copy
                                                                                                                                                                                                                                                                            • String ID: Unable to generate random number!$c
                                                                                                                                                                                                                                                                            • API String ID: 4207938790-3288770210
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00618378,0000800C,7A2810E3,?), ref: 00619470
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?,00000000), ref: 00619489
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to create hash context!), ref: 006194A4
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 006194BC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unable to create hash context!, xrefs: 0061949F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptHash$CreateDestroyErrorException@8LastThrow
                                                                                                                                                                                                                                                                            • String ID: Unable to create hash context!
                                                                                                                                                                                                                                                                            • API String ID: 1323042765-1944974401
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(wintrust.dll,?,?,0063B144,00000000), ref: 00618136
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 00618149
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,0063B144,00000000), ref: 00618152
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-3385133079
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,0061FCDE,?,?,?,?,?,00000000), ref: 0061F0A3
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,0061FCDE,?,?,?,?,?,00000000), ref: 0061F0AA
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,0061FCDE,?,?,?,?,?,00000000), ref: 0061F0E2
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,00000000), ref: 0061F0E9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocateFree
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 576844849-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0061B780: GetProcessHeap.KERNEL32(DVa), ref: 0061B7DC
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: lstrcatA.KERNEL32(?, (Prototype),?,7A2810E3,?), ref: 00618E56
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,7A2810E3,?), ref: 00618E6D
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,7A2810E3,?), ref: 00618E85
                                                                                                                                                                                                                                                                              • Part of subcall function 00619450: CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00618378,0000800C,7A2810E3,?), ref: 00619470
                                                                                                                                                                                                                                                                              • Part of subcall function 00619450: CryptDestroyHash.ADVAPI32(?,00000000), ref: 00619489
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,7A2810E3,?), ref: 00618EAC
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: __CxxThrowException@8.LIBVCRUNTIME ref: 00618ECA
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,0063B144,00000000,?,7A2810E3,?), ref: 00618ED9
                                                                                                                                                                                                                                                                              • Part of subcall function 00619450: GetLastError.KERNEL32(Unable to create hash context!), ref: 006194A4
                                                                                                                                                                                                                                                                              • Part of subcall function 00619450: __CxxThrowException@8.LIBVCRUNTIME ref: 006194BC
                                                                                                                                                                                                                                                                              • Part of subcall function 0061C500: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0061C5FD
                                                                                                                                                                                                                                                                              • Part of subcall function 0061C500: GetLastError.KERNEL32(?,?,?,?,00632548), ref: 0061C607
                                                                                                                                                                                                                                                                              • Part of subcall function 00619340: CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00618744,00000000,7A2810E3,?,?,?,00000000), ref: 00619395
                                                                                                                                                                                                                                                                              • Part of subcall function 00619340: CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 006193DC
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 0061B5EF
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 0061B623
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Crypt$Hash$ContextDestroyErrorLast$Exception@8ParamReleaseThrow$AcquireCreateDirectoryHeapProcessSystemlstrcat
                                                                                                                                                                                                                                                                            • String ID: DVa
                                                                                                                                                                                                                                                                            • API String ID: 2781682779-1585862418
                                                                                                                                                                                                                                                                            • Opcode ID: 4a723cf4ecda5b11b7d7c6df15c4d0f2fdeffd4a878844d39067b27e4ebcca04
                                                                                                                                                                                                                                                                            • Instruction ID: 71b997a9d9db9f86a6e6cc2a72b769fbce72a4968f874f96242eaa1eb8039dfb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a723cf4ecda5b11b7d7c6df15c4d0f2fdeffd4a878844d39067b27e4ebcca04
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B127F35D012688BDB21DB68CC44BDDBBB6AF45314F1882DAD809A7382DB359F84CF95
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,00000000,00000004,?,00618744,0000800C,7A2810E3,?), ref: 006183CB
                                                                                                                                                                                                                                                                              • Part of subcall function 00619020: CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,7A2810E3,?,?,00618744,?,?,?,?,00632269,000000FF), ref: 00619088
                                                                                                                                                                                                                                                                              • Part of subcall function 00619020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00632269,000000FF), ref: 006190A4
                                                                                                                                                                                                                                                                              • Part of subcall function 00619020: CryptHashData.ADVAPI32(?,?,7A2810E3,00000000,?,?,?,?,00632269,000000FF), ref: 006190BB
                                                                                                                                                                                                                                                                              • Part of subcall function 00619020: CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00632269,000000FF), ref: 006190E4
                                                                                                                                                                                                                                                                              • Part of subcall function 00619020: CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00632269,000000FF), ref: 00619128
                                                                                                                                                                                                                                                                              • Part of subcall function 00619020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00632269,000000FF), ref: 0061913E
                                                                                                                                                                                                                                                                              • Part of subcall function 00619020: CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00632269,000000FF), ref: 0061914E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Crypt$Hash$Destroy$Param$ContextCreateDataRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2857581251-0
                                                                                                                                                                                                                                                                            • Opcode ID: aeec85ee3c1bc3e42dfcb57f878c4eb946a085050e95f8fceead9ffd2ba69d47
                                                                                                                                                                                                                                                                            • Instruction ID: b705f5edf86be68bf5286d9e758fae1a91ea8a430cceec35901cd38a411b1332
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aeec85ee3c1bc3e42dfcb57f878c4eb946a085050e95f8fceead9ffd2ba69d47
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17311AB5D0020AAFEB10DF95C992BEFBBB9FB54714F044119E911A3281DB74AA44CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph of the function at 6127b0, with executed / not-executed node legend; graph image not recoverable. API calls on its nodes: GetLastError, SetLastError, GetFileSizeEx, wsprintfW, SetFilePointerEx, SetEndOfFile, GetProcessHeap, RtlAllocateHeap, InterlockedExchange, WriteFile, InterlockedExchangeAdd, RtlFreeHeap.]
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$FileSizewsprintf
                                                                                                                                                                                                                                                                            • String ID: %hs%d-$DAa$Range: bytes=
                                                                                                                                                                                                                                                                            • API String ID: 297799064-3167974902
                                                                                                                                                                                                                                                                            • Opcode ID: 19e69f2a761c06831a916792d6e160499f27ae5d26f3cf30c824dce9c7e2bbfe
                                                                                                                                                                                                                                                                            • Instruction ID: 7f0be2da49f74ddc795135049e64e09a4f25e0977509e32d4758e790eee32da7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19e69f2a761c06831a916792d6e160499f27ae5d26f3cf30c824dce9c7e2bbfe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5C16170A00306AFEB248FA5DC58BEEBBBAFF04705F184518E906D6390D771D995CB60
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001), ref: 00612233
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(04F3EDCC,00000000), ref: 00612244
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00612250
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 0061226E
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 006122B5
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 006122BC
                                                                                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 006122D8
                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,00000019,?), ref: 0061230B
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00612317
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000010,?,?), ref: 00612401
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 0061242E
                                                                                                                                                                                                                                                                              • Part of subcall function 00611FC0: CreateSolidBrush.GDI32(00824049), ref: 00612021
                                                                                                                                                                                                                                                                              • Part of subcall function 00611FC0: CreateSolidBrush.GDI32(00F67000), ref: 00612064
                                                                                                                                                                                                                                                                              • Part of subcall function 00611FC0: BeginPaint.USER32(?,?), ref: 00612074
                                                                                                                                                                                                                                                                              • Part of subcall function 00611FC0: FillRect.USER32(?,?), ref: 006120E3
                                                                                                                                                                                                                                                                              • Part of subcall function 00611FC0: FillRect.USER32(?,?), ref: 0061210D
                                                                                                                                                                                                                                                                              • Part of subcall function 00611FC0: EndPaint.USER32(?,?), ref: 00612118
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ProcWindow$Rect$BrushCreateFillPaintSolidTimer$AddressBeginExchangeHandleInterlockedKillModuleVersion
                                                                                                                                                                                                                                                                            • String ID: DwmSetWindowAttribute$ShutdownBlockReasonCreate$dwmapi.dll$user32.dll
                                                                                                                                                                                                                                                                            • API String ID: 190927372-2496381605
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(Ta,00000008,?,7A2810E3,?,00000000), ref: 00617EAC
                                                                                                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,006320C0), ref: 00617ED9
                                                                                                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00617F15
                                                                                                                                                                                                                                                                            • IsValidSid.ADVAPI32 ref: 00617F22
                                                                                                                                                                                                                                                                            • GetSidSubAuthorityCount.ADVAPI32 ref: 00617F31
                                                                                                                                                                                                                                                                            • GetSidSubAuthority.ADVAPI32(?,?), ref: 00617F3D
                                                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00617F4F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to open process token!), ref: 00617F78
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00617F90
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to retrieve process mandatory label!,?,0063B144,00000000), ref: 00617F9A
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00617FB2
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to verify mandatory label!,?,0063B144,00000000), ref: 00617FBC
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00617FD4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorException@8LastThrowToken$AuthorityInformation$ChangeCloseCountFindNotificationOpenProcessValid
                                                                                                                                                                                                                                                                            • String ID: Unable to open process token!$Unable to retrieve process mandatory label!$Unable to verify mandatory label!$Ta
                                                                                                                                                                                                                                                                            • API String ID: 3836789619-815629354
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00611E04
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,00000064,00000001,00000000,00000000,00000040), ref: 00611E51
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00611E6C
                                                                                                                                                                                                                                                                            • CreatePatternBrush.GDI32(00000000), ref: 00611E76
                                                                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(00000032), ref: 00611E98
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000031), ref: 00611EA2
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00611EB2
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00611EC5
                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00611F0F
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,?,00000000,90080000,?,?,?,?,00000000,00000000,?,?), ref: 00611F38
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000000), ref: 00611F40
                                                                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00611F5A
                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00611F6D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ImageLoad$CallbackCreateDispatcherSystemUser$BrushClassDispatchExchangeInfoInterlockedMessageMetricsObjectParametersPatternRegisterWindow
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 2747924374-4108050209
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 00611029
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00611034
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00611044
                                                                                                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32(006335D4), ref: 00611068
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00611073
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,LdrEnumerateLoadedModules), ref: 00611083
                                                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 006110A4
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 006110C0
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 006110E4
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 006110F0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExitProcess$AddressHandleModuleProc$DirectoryFeatureHeapInformationPresentProcessor
                                                                                                                                                                                                                                                                            • String ID: LdrEnumerateLoadedModules$SetDefaultDllDirectories$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 1484830609-1451921263
                                                                                                                                                                                                                                                                            • Opcode ID: 9b28104e078f57ae2d2711c9771b28934ba0ae75653b18b2a8e0857e15f1029c
                                                                                                                                                                                                                                                                            • Instruction ID: 57a2fd9f1e9c010c32208f07071514f40a09906349e4293bb2a2d7b3047c4ac4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b28104e078f57ae2d2711c9771b28934ba0ae75653b18b2a8e0857e15f1029c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B11FE70B8537177E7302771AC5FB8A79579B15B53F095120FA06A93E0EE508BC08ADA
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0061B780: GetProcessHeap.KERNEL32(DVa), ref: 0061B7DC
                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0061C5FD
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00632548), ref: 0061C607
                                                                                                                                                                                                                                                                            • GetVolumePathNameW.KERNELBASE(?,00000010,00000104,?,?,?,?,?,00632548), ref: 0061C67E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00632548), ref: 0061C688
                                                                                                                                                                                                                                                                            • GetVolumeNameForVolumeMountPointW.KERNELBASE(00000010,00000010,00000104,?,?,?,?,?,?,?,00632548), ref: 0061C6EC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00632548), ref: 0061C6F6
                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(00000010,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0061C7AB
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00632548), ref: 0061C7B8
                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNELBASE(00000000,002D1080,00000000,00000000,?,0000000C,00000000,00000000), ref: 0061C7D9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00632548), ref: 0061C7E3
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00632548), ref: 0061C7F7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$Volume$Name$CloseControlCreateDeviceDirectoryFileHandleHeapMountPathPointProcessSystem
                                                                                                                                                                                                                                                                            • String ID: H%c
                                                                                                                                                                                                                                                                            • API String ID: 204137380-3179341167
                                                                                                                                                                                                                                                                            • Opcode ID: abc1902f004889628c7df174a4d95af581c2a57d5bfde7579ad25730a2938906
                                                                                                                                                                                                                                                                            • Instruction ID: 3e87fe48d4ab7cc18f6b6a38cd8dad2100759954dcabd5a31d1b9ad6f86d30ba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abc1902f004889628c7df174a4d95af581c2a57d5bfde7579ad25730a2938906
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AAB1A035A406159FDB10DFA8D895BEEBBB6EF48320F18412DE912E7390DB71A940CF94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000020,?,?,?), ref: 006131B1
                                                                                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU),00000001,?,00000000), ref: 006131DA
                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00613201
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,?), ref: 0061320F
                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00613228
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,?), ref: 00613236
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 00613240
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?), ref: 00613250
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?), ref: 00613257
                                                                                                                                                                                                                                                                              • Part of subcall function 00619250: CryptGenRandom.ADVAPI32(00000008,00619209,7A2810E3,?,00619209,0000800C,?,?,0063B144,00000000,?,?,?,?,00632269,000000FF), ref: 006192A8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • %s\Temp\asw.%08x%08x, xrefs: 006131F1
                                                                                                                                                                                                                                                                            • %c:\asw.%08x%08x, xrefs: 00613222
                                                                                                                                                                                                                                                                            • D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU), xrefs: 006131D5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Directory$CreateDescriptorErrorLastSecuritywsprintf$ConvertCryptFreeLocalRandomStringWindows
                                                                                                                                                                                                                                                                            • String ID: %c:\asw.%08x%08x$%s\Temp\asw.%08x%08x$D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU)
                                                                                                                                                                                                                                                                            • API String ID: 1345463893-1526440225
                                                                                                                                                                                                                                                                            • Opcode ID: 19951828acfd19f04b5e3e50367622273bb8f87f274728daf7191ac48581ca10
                                                                                                                                                                                                                                                                            • Instruction ID: 6862e4738a8e8f9f8d025afc3ab03b940f694454a8465e501291e3006da558c1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19951828acfd19f04b5e3e50367622273bb8f87f274728daf7191ac48581ca10
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C214CB1A00228ABDB10AFE49D89DEEBBBEEF05B41F040015F905E6350D7749B858BA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph: first node 618410-61844b
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(?,00632160,7A2810E3,?,?,?,?,?,00000000,00632160,000000FF,?,006126F7,?,00000000), ref: 00618443
                                                                                                                                                                                                                                                                            • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000,?,?,00000000,00632160), ref: 0061847C
                                                                                                                                                                                                                                                                            • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,00000000,00632160), ref: 006184A2
                                                                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,?,00000000,00632160), ref: 006184CE
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00632160), ref: 006184D5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine file size!,?,?,00000000,00632160,000000FF,?,006126F7,?,00000000), ref: 006184FE
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00618516
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$View$CloseCreateErrorException@8HandleLastMappingSizeThrowUnmap
                                                                                                                                                                                                                                                                            • String ID: Unable to determine file size!$Unable to open file mapping!$Unable to process files over 1GB!$`!c
                                                                                                                                                                                                                                                                            • API String ID: 3729524651-1073879771
                                                                                                                                                                                                                                                                            • Opcode ID: 354a699bd98bdd4f2e1ab5d77d7b4dbe44f571893a09452e0200a9fe7ed07731
                                                                                                                                                                                                                                                                            • Instruction ID: e6a516985de00702f6edab667d2907f149c926a47e6d5d48f877c787b3d998d4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 354a699bd98bdd4f2e1ab5d77d7b4dbe44f571893a09452e0200a9fe7ed07731
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE31D531A40619BFDB208B94DC46FEEBBBAEB04B11F144019FA01A72C0DF745A44CBE4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph: first node 618520-618560
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ASWS$ASWS$ASWS$Unable to read signature!$ig2A$ig2A
                                                                                                                                                                                                                                                                            • API String ID: 0-1997839495
                                                                                                                                                                                                                                                                            • Opcode ID: 4d3b50d1663977a7a71571e45a2e3d75a7c1e41b8368fc182477a02373864413
                                                                                                                                                                                                                                                                            • Instruction ID: bcf56814a2e745fa01567ff5812a08e7f5c7d5fcaa73acd1efd7a74e8ffbe9c9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d3b50d1663977a7a71571e45a2e3d75a7c1e41b8368fc182477a02373864413
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F891E030A002199FDF54DFA4D985BEDB376FF05304F68816DE800AB282DB35A984CB98
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • &t=event&ec=microstub&ea=ok&el=%08lx, xrefs: 00614066
                                                                                                                                                                                                                                                                            • v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s, xrefs: 006140B0
                                                                                                                                                                                                                                                                            • &t=screenview&cd=%s, xrefs: 00614046
                                                                                                                                                                                                                                                                            • &t=event&ec=microstub&ea=error&el=%08lx%08lx, xrefs: 00614081
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: wsprintf$lstrlen
                                                                                                                                                                                                                                                                            • String ID: &t=event&ec=microstub&ea=error&el=%08lx%08lx$&t=event&ec=microstub&ea=ok&el=%08lx$&t=screenview&cd=%s$v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s
                                                                                                                                                                                                                                                                            • API String ID: 217384638-4207265834
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000001), ref: 0061EC60
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0061EC67
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 0061ECB5
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0061ECBC
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0061ECE2
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0061ECE9
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0061ED0F
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0061ED16
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0061ED4C
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0061ED53
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindResourceW.KERNEL32(00610000,00000001,00000010), ref: 006139F1
                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00610000,00000000), ref: 00613A01
                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00613A52
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • \StringFileInfo\040904b0\Edition, xrefs: 00613A67
                                                                                                                                                                                                                                                                            • %d.%d.%d.%d, xrefs: 00613A4A
                                                                                                                                                                                                                                                                            • \StringFileInfo\040904b0\SubEdition, xrefs: 00613A8F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Resource$FindLoadwsprintf
                                                                                                                                                                                                                                                                            • String ID: %d.%d.%d.%d$\StringFileInfo\040904b0\Edition$\StringFileInfo\040904b0\SubEdition
                                                                                                                                                                                                                                                                            • API String ID: 1667977947-3794282237
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindResourceW.KERNELBASE(00610000,EDAT_ECOO,0000000A), ref: 00613294
                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00610000,00000000), ref: 006132AB
                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00610000,00000000), ref: 006132B9
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Resource$FindLoadSizeof
                                                                                                                                                                                                                                                                            • String ID: $@$EDAT_ECOO
                                                                                                                                                                                                                                                                            • API String ID: 507330600-2393187713
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000), ref: 00612506
                                                                                                                                                                                                                                                                            • SetEndOfFile.KERNELBASE(?), ref: 00612511
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0061251B
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00612550
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,00000000), ref: 00612574
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00000000), ref: 00612585
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$File$PointerSleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3209234422-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,?,0061B45F), ref: 0061B99D
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000010,00000000,?,0061B45F), ref: 0061B9D6
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,00000000,00000000,?,0061B45F), ref: 0061BA89
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,0061B45F,00000000,00000000,00000000,?,0061B45F), ref: 0061BAC7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 626452242-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00618C7A
                                                                                                                                                                                                                                                                              • Part of subcall function 0061FC70: GetProcessHeap.KERNEL32(00000000,?,?,?,?,00000000), ref: 0061FCB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0061FC70: HeapFree.KERNEL32(00000000), ref: 0061FCBA
                                                                                                                                                                                                                                                                              • Part of subcall function 0061ED90: GetProcessHeap.KERNEL32(00000000,8B55CCCC,006182E6,?,00618A31,?,?,?), ref: 0061EDB7
                                                                                                                                                                                                                                                                              • Part of subcall function 0061ED90: HeapFree.KERNEL32(00000000,?,?), ref: 0061EDBE
                                                                                                                                                                                                                                                                              • Part of subcall function 0061FAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0061FC26
                                                                                                                                                                                                                                                                              • Part of subcall function 0061FAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0061FC2D
                                                                                                                                                                                                                                                                              • Part of subcall function 0061FAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0061FC4D
                                                                                                                                                                                                                                                                              • Part of subcall function 0061FAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0061FC54
                                                                                                                                                                                                                                                                              • Part of subcall function 0061E450: GetProcessHeap.KERNEL32(00000000,00000001), ref: 0061EC60
                                                                                                                                                                                                                                                                              • Part of subcall function 0061E450: HeapFree.KERNEL32(00000000), ref: 0061EC67
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unable to read digest or signature!, xrefs: 00618C47
                                                                                                                                                                                                                                                                            • Unable to initialize DSA parameters!, xrefs: 00618C50
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$FreeProcess$Exception@8Throw
                                                                                                                                                                                                                                                                            • String ID: Unable to initialize DSA parameters!$Unable to read digest or signature!
                                                                                                                                                                                                                                                                            • API String ID: 786774151-2226104879
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_00004020,?,00000000,?), ref: 0061440A
                                                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00614415
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ChangeCloseCreateFindNotificationThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4060959955-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_000041B0,?,00000000,?), ref: 0061446A
                                                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00614475
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ChangeCloseCreateFindNotificationThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4060959955-0
                                                                                                                                                                                                                                                                            • Opcode ID: bd4f9abf94b70fed38b580488b59b73dc3330598671faf3f834a176a497aab19
                                                                                                                                                                                                                                                                            • Instruction ID: aeeb036870e31c3d35b5c344698ff517da0d5fa57d720c31476a70d09e40eca9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd4f9abf94b70fed38b580488b59b73dc3330598671faf3f834a176a497aab19
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10F01270A00208BBEB14DFA4ED4ABAD7BB9EB04705F504058F905972D1DB756A85CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0062A272: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00628B5A,00000001,00000364,?,00622AA0,?,?,?,?,?,00617DDD,?), ref: 0062A2B3
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062B642
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                                                                                                                            • Instruction ID: f54151a4ed1987090cecb3a2ed7edc661eb18844c6f3b346f6cd1ef283bb2722
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6012B72200755AFE7318E59A841959FBEAFB85370F25051DE584932C0EB30A9058B24
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00628B5A,00000001,00000364,?,00622AA0,?,?,?,?,?,00617DDD,?), ref: 0062A2B3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            • Opcode ID: a3045cecea7869353646cbc743cd2563cea2a9873c69fa21a086b9f5fe7b65bf
                                                                                                                                                                                                                                                                            • Instruction ID: f557811d32c6a0bd092b6145deebb71b5a0438e470ff878f049492d9f4d8afaa
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3045cecea7869353646cbc743cd2563cea2a9873c69fa21a086b9f5fe7b65bf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EF02B31106D30D79B219AA2BC00B9A374BAF41770B1C8522FC04DA294DAA2DE004DE2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00620610
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00617AF1
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00617B59
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00617B6A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6c0797d2a368121c2400abab67a99f9eb9596d7ec2186fb468be96957ced917c
                                                                                                                                                                                                                                                                            • Instruction ID: e74665a27a0a6ae7a01ed062ced20310a7a5a30e6df24fd73163115ea0262b47
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c0797d2a368121c2400abab67a99f9eb9596d7ec2186fb468be96957ced917c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88B012812DD0357D7254D1016C02E7B051FD8C0F11730481EF180C4081D8901C411435
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0062062B
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00617AF1
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00617B59
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00617B6A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                                                                                                                            • Opcode ID: 45462525b383810f79ed5450b182985c8a2284e604f7bee5ad316bc9d0ebbc38
                                                                                                                                                                                                                                                                            • Instruction ID: 855b17c21c138cfeca7d59c3ad75b5c3717003c2d297e7e89889d1b05da7186a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45462525b383810f79ed5450b182985c8a2284e604f7bee5ad316bc9d0ebbc38
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13B0129125C0217D334491057D02D7B019FCCC0F10B34841EF200C0141D9600C420931
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0062062B
  • Part of subcall function 00617AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00617AF1
  • Part of subcall function 00617AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00617B59
  • Part of subcall function 00617AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00617B6A
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
• String ID:
• API String ID: 697777088-0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0062062B
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00617AF1
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00617B59
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00617B6A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                                                                                                                            • Opcode ID: 17eda96e69a9136de1b02aa252e3810a81a6391885d67e43b120f238a6b06524
                                                                                                                                                                                                                                                                            • Instruction ID: 717d0808221ca5899797e6c6efbb9d1297c9199969dcb6edafd9f9b7ca97b15f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17eda96e69a9136de1b02aa252e3810a81a6391885d67e43b120f238a6b06524
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 42B0129125D2217D339491057C02D3B011FCCC4F10734451EF500C0541D9600C850A31
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0062062B
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00617AF1
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00617B59
                                                                                                                                                                                                                                                                              • Part of subcall function 00617AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00617B6A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1f230b52033635371f96b5c28b61cb0395a78779441042a212a5813ae0c45eba
                                                                                                                                                                                                                                                                            • Instruction ID: 9e1d1fd03e34f27166da8886022d64ae1173553ad5cb8226103b336b7a8ad598
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f230b52033635371f96b5c28b61cb0395a78779441042a212a5813ae0c45eba
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABB0128126C025BD325491057C02E3B051FCCC0F10734841EF500C4141D9504C411931
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: lstrcatA.KERNEL32(?, (Prototype),?,7A2810E3,?), ref: 00618E56
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,7A2810E3,?), ref: 00618E6D
                                                                                                                                                                                                                                                                              • Part of subcall function 00618DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,7A2810E3,?), ref: 00618E85
                                                                                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,7A2810E3,?,?,00618744,?,?,?,?,00632269,000000FF), ref: 00619088
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00632269,000000FF), ref: 006190A4
                                                                                                                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,7A2810E3,00000000,?,?,?,?,00632269,000000FF), ref: 006190BB
                                                                                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00632269,000000FF), ref: 006190E4
                                                                                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00632269,000000FF), ref: 00619128
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00632269,000000FF), ref: 0061913E
                                                                                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00632269,000000FF), ref: 0061914E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to create hash context!,?,?,?,?,00632269,000000FF), ref: 00619177
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0061918F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to update hash context!,?,0063B144,00000000,?,?,?,?,00632269,000000FF), ref: 00619199
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 006191B1
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine digest size!,?,0063B144,00000000,?,?,?,?,00632269,000000FF), ref: 006191BB
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 006191D3
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to retrieve digest!,?,0063B144,00000000,?,?,?,?,00632269,000000FF), ref: 006191DD
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 006191F5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unable to determine digest size!, xrefs: 006191B6
                                                                                                                                                                                                                                                                            • Unable to update hash context!, xrefs: 00619194
                                                                                                                                                                                                                                                                            • Unable to retrieve digest!, xrefs: 006191D8
                                                                                                                                                                                                                                                                            • Unable to create hash context!, xrefs: 00619172
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Crypt$Hash$ErrorException@8LastThrow$Context$DestroyParamRelease$AcquireCreateDatalstrcat
                                                                                                                                                                                                                                                                            • String ID: Unable to create hash context!$Unable to determine digest size!$Unable to retrieve digest!$Unable to update hash context!
                                                                                                                                                                                                                                                                            • API String ID: 827938544-872507617
                                                                                                                                                                                                                                                                            • Opcode ID: 03dadf055066ac90e8da7ec946c615740196e485350362340edc1f042556b891
                                                                                                                                                                                                                                                                            • Instruction ID: 1d5c5a58ade61682629a2e533c65e859da43df094ed45480b8a1a0b51e474368
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03dadf055066ac90e8da7ec946c615740196e485350362340edc1f042556b891
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44510971E4021AABDB14DFA1DC59FEEBBBAFF08704F144119F511B2290DB74AA44CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00618744,00000000,7A2810E3,?,?,?,00000000), ref: 00619395
                                                                                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 006193DC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine digest size!), ref: 0061940A
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00619422
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to retrieve digest!,?,0063B144,00000000), ref: 0061942C
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00619444
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unable to determine digest size!, xrefs: 00619405
                                                                                                                                                                                                                                                                            • Unable to retrieve digest!, xrefs: 00619427
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptErrorException@8HashLastParamThrow
                                                                                                                                                                                                                                                                            • String ID: Unable to determine digest size!$Unable to retrieve digest!
                                                                                                                                                                                                                                                                            • API String ID: 2498184597-199986585
                                                                                                                                                                                                                                                                            • Opcode ID: 7e24fcc238b0878dc0f4713e98c06945455c11daa214c04b5f29d805855f309c
                                                                                                                                                                                                                                                                            • Instruction ID: 20f2a4511a3f43f5dec157789f5f3eb1497786d629068fb70f40449f06edb281
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e24fcc238b0878dc0f4713e98c06945455c11daa214c04b5f29d805855f309c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47312CB1A40219AFDB10DFA5DD45FEEBBBAFF04704F10411AF511A3280DB756A44CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 006194E2
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to update hash context!), ref: 006194F7
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0061950F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unable to update hash context!, xrefs: 006194F2
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptDataErrorException@8HashLastThrow
                                                                                                                                                                                                                                                                            • String ID: Unable to update hash context!
                                                                                                                                                                                                                                                                            • API String ID: 913647941-2364437153
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 0061F034
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0061F03B
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 0061F058
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0061F05F
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0062456E
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00624578
                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00624585
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,?,00627C30,00000000,0063BA28,0000000C,00627D87,00000000,00000002,00000000), ref: 00627C7B
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00627C30,00000000,0063BA28,0000000C,00627D87,00000000,00000002,00000000), ref: 00627C82
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00627C94
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00631267,?,?,00000008,?,?,00630F07,00000000), ref: 00631499
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?,7A2810E3,?,?,006320F0,000000FF), ref: 00618296
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptDestroyHash
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 174375392-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(051CB030,00000000), ref: 0063266C
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 829835001-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000,?,006183E7,00000000,?,?,?,00000000,00000004,?,00618744,0000800C,7A2810E3,?), ref: 00618EF8
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 829835001-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000112A0,00620755), ref: 00621297
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                            • Opcode ID: 39a75b6b8d1082bed50f5e7eda086675ee91ba90eb2b6e3166bf201bdefc1b78
                                                                                                                                                                                                                                                                            • Instruction ID: 5dd8b6ccc3b98be61983fe8a07620a11e8a197a9761c08c1ee3de94b19c88b77
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39a75b6b8d1082bed50f5e7eda086675ee91ba90eb2b6e3166bf201bdefc1b78
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 857bf4b49e681c2c27a4ace97f7edf9c71749e21e75a38d0ae8195213dc0b6e0
                                                                                                                                                                                                                                                                            • Instruction ID: 3228cef1f36d96c9621da0d165bcd7175890835624175569886156b20d49b375
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 857bf4b49e681c2c27a4ace97f7edf9c71749e21e75a38d0ae8195213dc0b6e0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FA1A171E04215DBCB18CF68D8919AEB7F6FF48304F28466DE816E7391D730A980CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 16d87c4fe96b0d4b25017fbcc4b53e820724bef6781c8a42c4b197cd6fb34c29
                                                                                                                                                                                                                                                                            • Instruction ID: cfe384ad8f733eb163ea4019476c2b852abf7022c1758104bbbacf42b168daa5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16d87c4fe96b0d4b25017fbcc4b53e820724bef6781c8a42c4b197cd6fb34c29
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E615771600E3956DE389A28F9A57FE239BEF41708F20041EF882CB381D665DD838F65
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00611362
                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000002), ref: 0061136A
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00611386
                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 0061138E
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 006113AF
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 006113BB
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 006113C7
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 006113D3
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 006113DF
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 006113EB
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32 ref: 006113F7
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32 ref: 00611403
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32 ref: 0061140F
                                                                                                                                                                                                                                                                            • DestroyIcon.USER32 ref: 0061141B
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000029,000001F4,000001F4,00000000), ref: 00611460
                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 0061146A
                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 00611491
                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 006114B8
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000064,00000001,00000030,00000030,00000000), ref: 00611669
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,00000000,50000003,00000010,00000010,00000030,00000030,?,00000000,00000000), ref: 00611695
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000001), ref: 006116AE
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000050,?,?,?,?,00000000,00000000), ref: 006116ED
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00611703
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,?,50000000,?,?,?,?,?,00000000,00000000), ref: 00611746
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000010,?,?,?,?,00000000,00000000), ref: 00611787
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 006117A2
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 006117B8
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B30: LoadStringW.USER32(00610000,00000000,006140A0,00000000), ref: 00613B55
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,BUTTON,00000000,50010001,00000010,?,?,?,?,00000000,00000000), ref: 00611810
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,BUTTON,00000000,50010000,?,?,?,?,?,00000000,00000000), ref: 00611851
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 0061186C
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 00611882
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00611898
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 006118EB
                                                                                                                                                                                                                                                                            • SetFocus.USER32 ref: 006118F7
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 0061190C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CreateDestroy$Message$Send$DeleteFontIndirectObject$InfoLoadParametersPostQuitSystem$FocusIconImageProcString
                                                                                                                                                                                                                                                                            • String ID: BUTTON$STATIC
                                                                                                                                                                                                                                                                            • API String ID: 2791220612-3385952364
                                                                                                                                                                                                                                                                            • Opcode ID: e7356f1b5ecd273a5e736760f4ae947a5b6609a99230202330f1f88438fcfc48
                                                                                                                                                                                                                                                                            • Instruction ID: 7e30d798152193e93ddc6a4b200841625cfc9b70c4173dfcbb706c180cb3d70b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7356f1b5ecd273a5e736760f4ae947a5b6609a99230202330f1f88438fcfc48
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E02B471E41228AFEB618F64DC49BAABB76FF48700F105199F609A63E0D7715B80CF94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0062BBEB
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B87B
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B88D
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B89F
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B8B1
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B8C3
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B8D5
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B8E7
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B8F9
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B90B
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B91D
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B92F
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B941
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B85E: _free.LIBCMT ref: 0062B953
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BBE0
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: HeapFree.KERNEL32(00000000,00000000,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?), ref: 00628DFF
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: GetLastError.KERNEL32(?,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?,?), ref: 00628E11
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BC02
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BC17
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BC22
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BC44
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BC57
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BC65
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BC70
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BCA8
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BCAF
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BCCC
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BCE4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                            • String ID: (c$Hc
                                                                                                                                                                                                                                                                            • API String ID: 161543041-3224457020
                                                                                                                                                                                                                                                                            • Opcode ID: b75c8b97018212f18855bd3ca1498d97328d5e14c4048b19f965a02938adc0c4
                                                                                                                                                                                                                                                                            • Instruction ID: e1a74194dc998372f7b8b71c420b39b55d5ef9ff3009ce7a80de0fd0981f6c51
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b75c8b97018212f18855bd3ca1498d97328d5e14c4048b19f965a02938adc0c4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7317135A01A21AFEB60AA35FC41B96B3EAEF00311F14582DF448D7291DF71AC448F64
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • #17.COMCTL32(7A2810E3), ref: 00611C33
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000040), ref: 00611C6A
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00611C85
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B30: LoadStringW.USER32(00610000,00000000,006140A0,00000000), ref: 00613B55
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000032), ref: 00611CAE
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000031), ref: 00611CB8
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00611CC7
                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00611CE3
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,?,00000000,90880000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00611D05
                                                                                                                                                                                                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00611D1B
                                                                                                                                                                                                                                                                            • IsDialogMessageW.USER32(00000000,?), ref: 00611D2F
                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00611D3D
                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00611D47
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LoadMessage$Image$MetricsSystem$ClassCreateDialogDispatchRegisterStringTranslateWindow
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 2026041735-4108050209
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00618080: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 0061809B
                                                                                                                                                                                                                                                                              • Part of subcall function 00618080: GetProcAddress.KERNEL32(00000000), ref: 006180A2
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000000C1), ref: 00615593
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000000), ref: 006155A2
                                                                                                                                                                                                                                                                            • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 006155D9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006155E9
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000420), ref: 00615602
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006175E3
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006175F4
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00617605
                                                                                                                                                                                                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 006176A1
                                                                                                                                                                                                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 006176B3
                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 006176EF
                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00617707
                                                                                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 00617718
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0061771F
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: #17.COMCTL32 ref: 00613B84
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: LoadStringW.USER32(00610000,000003E9,?,00000000), ref: 00613BA1
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: LoadStringW.USER32(00610000,?,?,00000000), ref: 00613BBA
                                                                                                                                                                                                                                                                              • Part of subcall function 00613B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00613BCF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Handle$Close$ExchangeInterlocked$CreateLoadMutexString_wcsrchr$AddressCopyErrorFileHardLastLinkMessageModuleProcRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3636221856-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00824049), ref: 00612021
                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00362620), ref: 00612042
                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00DBDBDA), ref: 00612054
                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00F67000), ref: 00612064
                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00612074
                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?), ref: 006120E3
                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?), ref: 0061210D
                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 00612118
                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(003F382C), ref: 0061214E
                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00FF9640), ref: 0061218A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BrushCreateSolid$FillPaintRect$Begin
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2220257389-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006289C5
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: HeapFree.KERNEL32(00000000,00000000,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?), ref: 00628DFF
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: GetLastError.KERNEL32(?,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?,?), ref: 00628E11
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006289D1
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006289DC
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006289E7
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006289F2
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006289FD
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628A08
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628A13
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628A1E
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628A2C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindResourceW.KERNEL32(00610000,?,0000000A,.edat,00000005,?,?,?,?,00000000,?,?,00000000), ref: 006130A3
                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00610000,00000000,?,?,00000000,?,?,00000000), ref: 006130B5
                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00610000,00000000,?,?,00000000,?,?,00000000), ref: 006130C3
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,00000004,00000001,00000000,00000002,00000080,00000000,?,?,00000000,?,?,00000000), ref: 006130EE
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,00000000), ref: 0061310B
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,00000000), ref: 00613112
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Resource$File$CloseCreateFindHandleLoadSizeofWrite
                                                                                                                                                                                                                                                                            • String ID: .edat$EDAT_
                                                                                                                                                                                                                                                                            • API String ID: 2436039785-3242799629
                                                                                                                                                                                                                                                                            • Opcode ID: 5a6e5b1da7aa098df7641192bea6650692979e4ddc2b230e6a7a73c79d1cdd95
                                                                                                                                                                                                                                                                            • Instruction ID: 9ecd94b58c545017041c477408d0c66eea76e48aa8975fa6d4e6ac9c79cff830
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a6e5b1da7aa098df7641192bea6650692979e4ddc2b230e6a7a73c79d1cdd95
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1EA1D772E002159BDB14DFB8DC95AEEB7B6EF48301F19412DE816A7381D7309A45CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 0061809B
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 006180A2
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?), ref: 006180D1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unable to determine native architecture of the system!, xrefs: 00618101
                                                                                                                                                                                                                                                                            • kernel32, xrefs: 00618096
                                                                                                                                                                                                                                                                            • IsWow64Process2, xrefs: 00618091
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                                                                            • String ID: IsWow64Process2$Unable to determine native architecture of the system!$kernel32
                                                                                                                                                                                                                                                                            • API String ID: 4190356694-2412497375
                                                                                                                                                                                                                                                                            • Opcode ID: 6f999655e60e8067f9eb5a00e58ccad7c23a5a30cafece17a258f1d89dbf11cd
                                                                                                                                                                                                                                                                            • Instruction ID: 18bda01a4c1912ceb1d3c75a2a153970c43b20cd558d23fc92f52a3b9d06642f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f999655e60e8067f9eb5a00e58ccad7c23a5a30cafece17a258f1d89dbf11cd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE116135E00228BB8B50AFF4EC459DEB7BAEF08701B01519AE806D3291DF359A448BD5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to decode base64 string!), ref: 00618FD7
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00618FEF
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to decode base64 string!,?,0063B144,00000000), ref: 00618FF9
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00619011
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorException@8LastThrow
                                                                                                                                                                                                                                                                            • String ID: Unable to decode base64 string!$_a$_a
                                                                                                                                                                                                                                                                            • API String ID: 1006195485-2897782463
                                                                                                                                                                                                                                                                            • Opcode ID: 5d8d9c8c6e6ef971b084f5bd240327f03aad850a6bfac0f60e19b82403018a7c
                                                                                                                                                                                                                                                                            • Instruction ID: b738a33f3fd598f8b15a710c8c7bd36e6090d61a569a1266a82c52d8e55cb9b5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d8d9c8c6e6ef971b084f5bd240327f03aad850a6bfac0f60e19b82403018a7c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4314771A44219ABDB20DF95DC46FEEB7BAFF04B14F104119B501A7280DBB56A44CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32 ref: 00611115
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 0061111F
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000100), ref: 00611157
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0061115E
                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000060), ref: 0061116D
                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(?,\b86362a5.exe), ref: 00611187
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocProcess$DirectorySystemlstrcpy
                                                                                                                                                                                                                                                                            • String ID: \b86362a5.exe
                                                                                                                                                                                                                                                                            • API String ID: 2190664303-3123522761
                                                                                                                                                                                                                                                                            • Opcode ID: e1841088eafb0d2382080156d8859d6c60ecb34e1ffde47283edb92086e56133
                                                                                                                                                                                                                                                                            • Instruction ID: a74ea12a173a707cc285cb9dc20449056eed794f3e4fe25af8c96d5d37a48f17
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1841088eafb0d2382080156d8859d6c60ecb34e1ffde47283edb92086e56133
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A311E771900722BBD3109FA5EC45B96BBAAFF08710B04101AFA058B7A0D775E850C7E4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,006290FB,00000001,00000001,8B000053), ref: 00628F04
• __alloca_probe_16.LIBCMT ref: 00628F3C
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,006290FB,00000001,00000001,8B000053,7A2810E3,?,?), ref: 00628F8A
• __alloca_probe_16.LIBCMT ref: 00629021
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,7A2810E3,8B000053,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00629084
• __freea.LIBCMT ref: 00629091
  • Part of subcall function 00628E23: HeapAlloc.KERNEL32(00000000,?,?,?,00622AA0,?,?,?,?,?,00617DDD,?,?), ref: 00628E55
• __freea.LIBCMT ref: 0062909A
• __freea.LIBCMT ref: 006290BF
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
• String ID:
• API String ID: 2597970681-0
• Opcode ID: 9520c1b53f68072db20f4e1da2bd42229547302f12db4999da67e8e8d88380ef
• Instruction ID: 49a781749b0cb0a67641e22595052e8a811c680da1ca7d6688fd57b34f5f8635
• Opcode Fuzzy Hash: 9520c1b53f68072db20f4e1da2bd42229547302f12db4999da67e8e8d88380ef
• Instruction Fuzzy Hash: 2151B572610A2AAFEB259E64EC41EEB77ABEB84750F15462CFC05D7240DB34DC51CEA0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0062F652,00000000,00000000,00000000,00000000,00000000,006267BA), ref: 0062EF1F
• __fassign.LIBCMT ref: 0062EF9A
• __fassign.LIBCMT ref: 0062EFB5
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0062EFDB
• WriteFile.KERNEL32(?,00000000,00000000,0062F652,00000000,?,?,?,?,?,?,?,?,?,0062F652,00000000), ref: 0062EFFA
• WriteFile.KERNEL32(?,00000000,00000001,0062F652,00000000,?,?,?,?,?,?,?,?,?,0062F652,00000000), ref: 0062F033
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: e78adfb3ea8267695c2b8386d837bf7a2f08b0194db7ac7943d8eb32786d0527
• Instruction ID: 94191c8b3f4201e374bfc74530daf97a477844101cc1ec856e82f03cf7adfbfd
• Opcode Fuzzy Hash: e78adfb3ea8267695c2b8386d837bf7a2f08b0194db7ac7943d8eb32786d0527
• Instruction Fuzzy Hash: 6351C270A006599FCB10CFA8E895AEEBBF6FF09300F14416AE952E7391D7709941CFA0
Uniqueness

Uniqueness Score: -1.00%

APIs
• _ValidateLocalCookies.LIBCMT ref: 00621DAB
• ___except_validate_context_record.LIBVCRUNTIME ref: 00621DB3
• _ValidateLocalCookies.LIBCMT ref: 00621E41
• __IsNonwritableInCurrentImage.LIBCMT ref: 00621E6C
• _ValidateLocalCookies.LIBCMT ref: 00621EC1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 6324065ce64e5003d3c0ebf9beca0b6420ed4e0221170a7a8c92b1d4639bc572
• Instruction ID: b2744408505c2dd66d6ceab844a6e813ca0364cf846fab9d60d0b2884888986e
• Opcode Fuzzy Hash: 6324065ce64e5003d3c0ebf9beca0b6420ed4e0221170a7a8c92b1d4639bc572
• Instruction Fuzzy Hash: 1D41D134A04629ABCB00DF68EC84ADEBBB6BF56314F158159EC146F391D731AE15CF90
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___from_strstr_to_strchr.LIBCMT ref: 0061D90A
                                                                                                                                                                                                                                                                              • Part of subcall function 00617DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00617DD8
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0061D997
                                                                                                                                                                                                                                                                              • Part of subcall function 0062203A: RaiseException.KERNEL32(?,?,00618071,?,?,?,?,?,?,?,?,00618071,?,0063B144,00000000), ref: 0062209A
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0061D9B2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise___from_strstr_to_strchr___std_exception_copy
                                                                                                                                                                                                                                                                            • String ID: 0123456789ABCDEF$Unable to convert invalid hexadecimal character!$Unable to convert invalid hexadecimal string!
                                                                                                                                                                                                                                                                            • API String ID: 2723989866-230084144
                                                                                                                                                                                                                                                                            • Opcode ID: 77c86f2fe75c56a4cc30054d1a3f96dd8add0d2e69ede033c1221f41def313e4
                                                                                                                                                                                                                                                                            • Instruction ID: 009e85f331790cd56abecdee09c43282cc9adb97bfcdd217e30403601f0b3f02
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77c86f2fe75c56a4cc30054d1a3f96dd8add0d2e69ede033c1221f41def313e4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB41BE70A00646AFCB10CFA8C591BEEFBFAEF05710F144559E456A7381DB74A984CBA0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0062B9C5: _free.LIBCMT ref: 0062B9EE
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BA4F
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: HeapFree.KERNEL32(00000000,00000000,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?), ref: 00628DFF
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: GetLastError.KERNEL32(?,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?,?), ref: 00628E11
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BA5A
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BA65
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BAB9
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BAC4
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BACF
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062BADA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            • Opcode ID: dc5d96b687ae4ce69053fd4d6e2136e2519ea8f0b48376b875dcd5d2fa60128c
                                                                                                                                                                                                                                                                            • Instruction ID: 999332ba79a9dd379e06676b9f4cbe47ef716c634fca47d590962d22c34ed014
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc5d96b687ae4ce69053fd4d6e2136e2519ea8f0b48376b875dcd5d2fa60128c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39115C31D42F28BAD6A0B7B0EC07FCBB79E9F0A700F400818B299660D3DB65A5484B54
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00622FF1,00622215), ref: 00623008
                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00623016
                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0062302F
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00622FF1,00622215), ref: 00623081
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                            • Opcode ID: bcb1cd96d796318b313df8582191b926f96ffcc4e543fc19eb7f6030ec35fe8a
                                                                                                                                                                                                                                                                            • Instruction ID: 80e2f4af3e33144eb0b7fcffa952822b86f6afa1b97a9b1afa7664f9c677ebde
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bcb1cd96d796318b313df8582191b926f96ffcc4e543fc19eb7f6030ec35fe8a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A01D432209F316EA77827747D85BAB2657DB11BB8320032EF210553F0EF5A4D515DA9
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00624E11,?,?,?,006252E9,7A2810E3,00000000,?,0061D904,0123456789ABCDEF,7A2810E3,?,?,00000000), ref: 00628AA9
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628ADC
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628B04
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,006252E9,7A2810E3,00000000,?,0061D904,0123456789ABCDEF,7A2810E3,?,?,00000000,00618722), ref: 00628B11
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,006252E9,7A2810E3,00000000,?,0061D904,0123456789ABCDEF,7A2810E3,?,?,00000000,00618722), ref: 00628B1D
                                                                                                                                                                                                                                                                            • _abort.LIBCMT ref: 00628B23
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                            • Opcode ID: ea58d105ff3013efc1802ab24b01071e6d5306f1fcf2634224e225bccedc6e86
                                                                                                                                                                                                                                                                            • Instruction ID: 86b3514eda5afd241a355b07fd57717646b0e5d91d70c7f748d14a04f508d61a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea58d105ff3013efc1802ab24b01071e6d5306f1fcf2634224e225bccedc6e86
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99F0D135603E306FD24273287C0AB6B261BDBD2722F240419F804D73D2EF6289424AA4
Uniqueness

Uniqueness Score: -1.00%

APIs
• std::_Xinvalid_argument.LIBCPMT ref: 00613BF5
  • Part of subcall function 0062059D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 006205A9
  • Part of subcall function 0062059D: __CxxThrowException@8.LIBVCRUNTIME ref: 006205B7
• std::_Xinvalid_argument.LIBCPMT ref: 00613C05
  • Part of subcall function 006205BD: std::invalid_argument::invalid_argument.LIBCONCRT ref: 006205C9
  • Part of subcall function 006205BD: __CxxThrowException@8.LIBVCRUNTIME ref: 006205D7
  • Part of subcall function 006205BD: ___delayLoadHelper2@8.DELAYIMP ref: 006205EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument$Helper2@8Load___delay
• String ID: invalid string_view position$string too long$vector<T> too long
• API String ID: 1134749845-2832074639
Uniqueness

Uniqueness Score: -1.00%

APIs
• EnterCriticalSection.KERNEL32(0063EA40,?,?,0061219F,0063E97C), ref: 00620A8A
• LeaveCriticalSection.KERNEL32(0063EA40,?,?,0061219F,0063E97C), ref: 00620ABD
• SetEvent.KERNEL32(00000000,0061219F,0063E97C), ref: 00620B4B
• ResetEvent.KERNEL32 ref: 00620B57
Strings
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: CriticalEventSection$EnterLeaveReset
• String ID: @c
• API String ID: 3553466030-1528801024
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00627C90,00000000,?,00627C30,00000000,0063BA28,0000000C,00627D87,00000000,00000002), ref: 00627CFF
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00627D12
• FreeLibrary.KERNEL32(00000000,?,?,?,00627C90,00000000,?,00627C30,00000000,0063BA28,0000000C,00627D87,00000000,00000002), ref: 00627D35
Strings
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(7A2810E3,00000000,8B000053,0061D904,00000000,00000000,?,?,?,7A2810E3,00000001,0061D904,8B000053,00000001,?,?), ref: 0062A0CA
                                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0062A102
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0062A153
                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0062A165
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0062A16E
                                                                                                                                                                                                                                                                              • Part of subcall function 00628E23: HeapAlloc.KERNEL32(00000000,?,?,?,00622AA0,?,?,?,?,?,00617DDD,?,?), ref: 00628E55
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1857427562-0
                                                                                                                                                                                                                                                                            • Opcode ID: 41b30ff13dc9fea07915c93760ff03295fb20498d225a7c4436dbc21f86d9d6a
                                                                                                                                                                                                                                                                            • Instruction ID: 544643c095e903d820aa1b34aa2f820381bf64af978004d9d4b926abca1ee70f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41b30ff13dc9fea07915c93760ff03295fb20498d225a7c4436dbc21f86d9d6a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8231C032A0062AABDB248FA5EC49DEE7BA6EB40760F040168FC14D6250E775CD61CFA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00625183,00628E66,?,?,00622AA0,?,?,?,?,?,00617DDD,?,?), ref: 00628B2E
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628B63
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628B8A
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?), ref: 00628B97
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?), ref: 00628BA0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                            • Opcode ID: bef79e9f4f2d3ca2945024e42b99442162e57bd066f83b2be57689cc0e515148
                                                                                                                                                                                                                                                                            • Instruction ID: 164170a157b653b6ec130e332332fed4ad2ef93dbcb36b47632a6192257796f5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bef79e9f4f2d3ca2945024e42b99442162e57bd066f83b2be57689cc0e515148
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA01A276502F306FD3122278BC85E6B262BEBD2773725002CF505933919F6189014D64
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062B974
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: HeapFree.KERNEL32(00000000,00000000,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?), ref: 00628DFF
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: GetLastError.KERNEL32(?,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?,?), ref: 00628E11
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062B986
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062B998
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062B9AA
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062B9BC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0808621a48a0a15d8da0956c69585055f462a88003af3b2f4ca2e32ce4de0c37
                                                                                                                                                                                                                                                                            • Instruction ID: 0737f011a3ddfec6fbf9812860fda96594deedcc9f122c9df892dcb27f1cf2f1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0808621a48a0a15d8da0956c69585055f462a88003af3b2f4ca2e32ce4de0c37
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23F0FF32916A24AF8660EB64F886C56B3EBEF157517546C09F148D76C1CB31FCC48FA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062846E
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: HeapFree.KERNEL32(00000000,00000000,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?), ref: 00628DFF
                                                                                                                                                                                                                                                                              • Part of subcall function 00628DE9: GetLastError.KERNEL32(?,?,0062B9F3,?,00000000,?,00000000,?,0062BA1A,?,00000007,?,?,0062BD3F,?,?), ref: 00628E11
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628480
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00628493
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006284A4
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006284B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
• Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            • Opcode ID: fa13ebdb42cd4c9516207eecebd5762f1073c9107c7c6dd7f187d34841a08dcc
                                                                                                                                                                                                                                                                            • Instruction ID: 54c1e306cb0050199e21c6415c9cabeaf8e2450f52839fca1229ba715a38b1e4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa13ebdb42cd4c9516207eecebd5762f1073c9107c7c6dd7f187d34841a08dcc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FF01779C0AA31AFA751AF14FC415887AA3EB14721704251AF410972F1CB7609528FE8
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Microstub.exe,00000104), ref: 00627549
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00627614
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0062761E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\Microstub.exe
                                                                                                                                                                                                                                                                            • API String ID: 2506810119-2510639976
                                                                                                                                                                                                                                                                            • Opcode ID: f9ee382299f94442c5b1213711797299047247bcc4fbee2fab05e66a5522af19
                                                                                                                                                                                                                                                                            • Instruction ID: a1a46c7e64b490368a6f37ddb331de256408176dcaac1e0c68fcca2e6db93010
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9ee382299f94442c5b1213711797299047247bcc4fbee2fab05e66a5522af19
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F316571A09A28AFCB21DF99ED45DDEBBFAEB85310B10405AE404A7350DA708E40CF94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00618004
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine the operating system version!), ref: 0061804E
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0061806C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unable to determine the operating system version!, xrefs: 00618049
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorException@8LastThrowVersion
                                                                                                                                                                                                                                                                            • String ID: Unable to determine the operating system version!
                                                                                                                                                                                                                                                                            • API String ID: 2663129220-661432720
                                                                                                                                                                                                                                                                            • Opcode ID: 916b10298c0162ceefa8b92e2c48e557a3be9e252bab1d33cdb0abd91ecffcf6
                                                                                                                                                                                                                                                                            • Instruction ID: 2c027da593c4b3460145f67ad17946bc8e547b982407d15ce63a3a05207f1860
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 916b10298c0162ceefa8b92e2c48e557a3be9e252bab1d33cdb0abd91ecffcf6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A101267091017C56CB29AB659C655FEBBF5EF09301F4000EEB495E2282DA388B48DFA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0063EA40,?,?,?,00612139,0063E974), ref: 00620AD5
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0063EA40,?,?,00612139,0063E974), ref: 00620B12
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: @c
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-1528801024
                                                                                                                                                                                                                                                                            • Opcode ID: c87327b205be11042a1c88284af50876ae5dea652cb3fac784ab89452cea5f35
                                                                                                                                                                                                                                                                            • Instruction ID: f7063df02960890fa6135872254b3aa44da4b1b9acc19246a0ca3757685457a3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c87327b205be11042a1c88284af50876ae5dea652cb3fac784ab89452cea5f35
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64F0E234200620DFD7249F04E844B64BBAAEB42732F10062DE955433E2CB721882CFA0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0062176C: GetLastError.KERNEL32 ref: 0062177E
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0061100A), ref: 00621713
                                                                                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0061100A), ref: 00621722
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0062171D
                                                                                                                                                                                                                                                                            • ,Nc, xrefs: 00621703
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                            • String ID: ,Nc$ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                            • API String ID: 389471666-357146154
                                                                                                                                                                                                                                                                            • Opcode ID: 69ce4f90dd2d91ef8d53eea5df6d3ddfca7427484e9c9c2bf5d56a80f9da25dc
                                                                                                                                                                                                                                                                            • Instruction ID: e754127b8d6d5385fd60f8c823e7db030a274c4de8677e9ef2b2a1e6c2e4ee6d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69ce4f90dd2d91ef8d53eea5df6d3ddfca7427484e9c9c2bf5d56a80f9da25dc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7E06D70608B618BD3609F25E504742BAE6AB55385F00892CE451C6740DBB5E5458FE1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976080164.0000000000633000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976186899.000000000063E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2976274014.0000000000641000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_610000_Microstub.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00611206
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00611214
                                                                                                                                                                                                                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,-00000002,?), ref: 0061128F
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,?), ref: 006112D5
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExtentObjectPoint32ReleaseSelectText
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4006923989-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 006232CC
                                                                                                                                                                                                                                                                              • Part of subcall function 00623219: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00623248
                                                                                                                                                                                                                                                                              • Part of subcall function 00623219: ___AdjustPointer.LIBCMT ref: 00623263
                                                                                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 006232E1
                                                                                                                                                                                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 006232F2
                                                                                                                                                                                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 0062331A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 737400349-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,0062B17B,?,00000000,00000000,00000000,?,0062B378,00000006,FlsSetValue), ref: 0062B206
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0062B17B,?,00000000,00000000,00000000,?,0062B378,00000006,FlsSetValue,00636E08,FlsSetValue,00000000,00000364,?,00628B77), ref: 0062B212
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0062B17B,?,00000000,00000000,00000000,?,0062B378,00000006,FlsSetValue,00636E08,FlsSetValue,00000000), ref: 0062B220
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • #17.COMCTL32 ref: 00613B84
                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00610000,000003E9,?,00000000), ref: 00613BA1
                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00610000,?,?,00000000), ref: 00613BBA
                                                                                                                                                                                                                                                                            • MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00613BCF
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LoadString$Message
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2278601591-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2975885820.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                            • String ID: Pc
                                                                                                                                                                                                                                                                            • API String ID: 269201875-1006579842
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00620900
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: InitializeCriticalSectionAndSpinCount.KERNEL32(0063EA40,00000FA0,7A2810E3,?,?,?,?,00632624,000000FF), ref: 00620973
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00632624,000000FF), ref: 0062097E
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00632624,000000FF), ref: 0062098F
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 006209A5
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006209B3
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006209C1
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006209EC
                                                                                                                                                                                                                                                                              • Part of subcall function 00620944: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006209F7
                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 00620921
                                                                                                                                                                                                                                                                              • Part of subcall function 00620F59: __onexit.LIBCMT ref: 00620F5F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                            • String ID: h@c
                                                                                                                                                                                                                                                                            • API String ID: 66158676-3361242249
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0061FC26
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0061FC2D
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0061FC4D
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0061FC54
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000004,?,?,?,0061FCED,?,00000000,?,?,?,00000000), ref: 0061F814
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,0061FCED,?,00000000,?,?,?,00000000), ref: 0061F81B
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,0061FCED,?,00000000,?,?,?,00000000), ref: 0061F85A
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0061F861
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2975965867.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 756756679-0
                                                                                                                                                                                                                                                                            • Opcode ID: 71b4c09f86fd8f94ba0ecf9a16bde781380e3561cc33a62e024b60f11cce22f3
                                                                                                                                                                                                                                                                            • Instruction ID: 8c91cadbd192f955fa19f03d326042a290e1fae883bee445fe71eb13a75924ba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71b4c09f86fd8f94ba0ecf9a16bde781380e3561cc33a62e024b60f11cce22f3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 221191B1600921ABD7109F69DC05BA6F76AFF40764F048625F919DB780C731E961CBD4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                            Execution Coverage:5.5%
                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                                                            Total number of Nodes:484
                                                                                                                                                                                                                                                                            Total number of Limit Nodes:28

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
• Associated: 00000001.00000002.2983031371.00007FF71DDA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983271543.00007FF71DF16000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983298310.00007FF71DF18000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983335848.00007FF71DF1B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983363713.00007FF71DF21000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressFeatureHandleModulePresentProcProcessor
                                                                                                                                                                                                                                                                            • String ID: LdrEnumerateLoadedModules$asw::main::impl::at_exit_action_node::action_failed_exception::action_failed_exception: atexit action throws exception!$ntdll
                                                                                                                                                                                                                                                                            • API String ID: 431857297-521359223
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,00007FF71DE815DD,?,?,?,?,00007FF71DE56F7C,?,?,00000000,00007FF71DE56C52), ref: 00007FF71DE832EF
                                                                                                                                                                                                                                                                            • GetProcAddressForCaller.KERNELBASE(?,?,?,?,00007FF71DE815DD,?,?,?,?,00007FF71DE56F7C,?,?,00000000,00007FF71DE56C52), ref: 00007FF71DE832FB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
• Associated: 00000001.00000002.2983031371.00007FF71DDA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983271543.00007FF71DF16000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983298310.00007FF71DF18000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983335848.00007FF71DF1B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983363713.00007FF71DF21000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCallerFreeLibraryProc
                                                                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                            • API String ID: 3520295827-537541572
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 73155330-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 588628887-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,?,?,00007FF71DE8858D,?,?,00000000,00007FF71DE82583,?,?,?,00007FF71DE81F9F,?,?,?,00007FF71DE81E95), ref: 00007FF71DE82CE2
Memory Dump Source
• Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
• Associated: 00000001.00000002.2983031371.00007FF71DDA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983271543.00007FF71DF16000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983298310.00007FF71DF18000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983335848.00007FF71DF1B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983363713.00007FF71DF21000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph figure not reproduced: nodes span 7ff71de82940 to 7ff71de82ab7 and call GetLastError, FlsGetValue, FlsSetValue and SetLastError]
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value$ErrorLast$AllocHeapLanguagesPreferredRestoreThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2298676826-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF71DE673F6,?,?,?,00007FF71DE670B0,?,?,?,00007FF71DE5BCD9), ref: 00007FF71DE671C9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF71DE673F6,?,?,?,00007FF71DE670B0,?,?,?,00007FF71DE5BCD9), ref: 00007FF71DE671D7
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF71DE673F6,?,?,?,00007FF71DE670B0,?,?,?,00007FF71DE5BCD9), ref: 00007FF71DE67201
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF71DE673F6,?,?,?,00007FF71DE670B0,?,?,?,00007FF71DE5BCD9), ref: 00007FF71DE6726F
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF71DE673F6,?,?,?,00007FF71DE670B0,?,?,?,00007FF71DE5BCD9), ref: 00007FF71DE6727B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF71DE6A5E5,?,?,?,?,00007FF71DE82D38), ref: 00007FF71DE82AC7
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE6A5E5,?,?,?,?,00007FF71DE82D38), ref: 00007FF71DE82AFD
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE6A5E5,?,?,?,?,00007FF71DE82D38), ref: 00007FF71DE82B2A
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE6A5E5,?,?,?,?,00007FF71DE82D38), ref: 00007FF71DE82B3B
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE6A5E5,?,?,?,?,00007FF71DE82D38), ref: 00007FF71DE82B4C
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF71DE6A5E5,?,?,?,?,00007FF71DE82D38), ref: 00007FF71DE82B67
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF71DE685EF,?,?,00000000,00007FF71DE6888A,?,?,?,?,?,00007FF71DE68816), ref: 00007FF71DE82B9F
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE685EF,?,?,00000000,00007FF71DE6888A,?,?,?,?,?,00007FF71DE68816), ref: 00007FF71DE82BBE
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE685EF,?,?,00000000,00007FF71DE6888A,?,?,?,?,?,00007FF71DE68816), ref: 00007FF71DE82BE6
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE685EF,?,?,00000000,00007FF71DE6888A,?,?,?,?,?,00007FF71DE68816), ref: 00007FF71DE82BF7
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF71DE685EF,?,?,00000000,00007FF71DE6888A,?,?,?,?,?,00007FF71DE68816), ref: 00007FF71DE82C08
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                            • Opcode ID: a7489737ad3567829c47e88150fa42e87bf7654e95172a50d05244853754a39f
                                                                                                                                                                                                                                                                            • Instruction ID: 152b2912255ca48526ab83835d444370e2bd60ad10029f10d18cbdd94d34069f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7489737ad3567829c47e88150fa42e87bf7654e95172a50d05244853754a39f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB117C20E0DE8205FA59B725A58313BE1416F847B5FC44734E83E476D6FE2CF40E8A20
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                            • Opcode ID: c9063c4dd1417649366cd423927d5d9243819b6276b80175f08a9a49f8382992
                                                                                                                                                                                                                                                                            • Instruction ID: 3e46f4219754d2e57c8c58f0f581316ee3c4a845812ce9e71ec77e5969fb9021
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9063c4dd1417649366cd423927d5d9243819b6276b80175f08a9a49f8382992
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18D10322B0CE9189E710DF79D4401ADBBB1FB44BA9B904232CE5D57B99EE38D44ECB50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF71DE80D3C), ref: 00007FF71DE80EBF
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF71DE80D3C), ref: 00007FF71DE80F49
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                                                                                                            • Opcode ID: 79347fb655b989c6bb57e97efbd1ad6f3e5f071d965053a04ad86ce8cacafecc
                                                                                                                                                                                                                                                                            • Instruction ID: 7361ec4d8c9279c10458e10f8e8678c21a547ebc4636f0a6bed91479a7750f62
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79347fb655b989c6bb57e97efbd1ad6f3e5f071d965053a04ad86ce8cacafecc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A191F972A1CEE285FB50EB65D4412BEABA0BB04BA9F844135DD0E57694EF3CD44DCB20
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2960854011-0
                                                                                                                                                                                                                                                                            • Opcode ID: 10f1404b3afd8b5190e645c7e890de3ece6dae153b0084540be0dc18e04d15f3
                                                                                                                                                                                                                                                                            • Instruction ID: fbd7f5324e008f44c1bdce112cc94e9cfb754d33b8f8bcffb1fb0f2ef2363d02
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10f1404b3afd8b5190e645c7e890de3ece6dae153b0084540be0dc18e04d15f3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4011B732A2CF4181EB40DF10E4800AEB378FB947D4F955136FA9D06655EF39E999C750
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                            • Opcode ID: 37956b51fd57173769aef578c833b91fe405d5b9b3b9bc1e601bb8fabd52e389
                                                                                                                                                                                                                                                                            • Instruction ID: bcf906459bcc9c3e6666fab1dcab5b6b4a85a781833e4382366a6cdfcd71fc05
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37956b51fd57173769aef578c833b91fe405d5b9b3b9bc1e601bb8fabd52e389
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F115122B18F0189EB00DF60E8442B973A4F719769F440F31DA2D827A4EF38E15CC750
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2983070694.00007FF71DDA1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF71DDA0000, based on PE: true
• Associated: 00000001.00000002.2983031371.00007FF71DDA0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983192928.00007FF71DEB1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983271543.00007FF71DF16000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983298310.00007FF71DF18000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983335848.00007FF71DF1B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2983363713.00007FF71DF21000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff71dda0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                            • String ID: string too long
                                                                                                                                                                                                                                                                            • API String ID: 73155330-2556327735
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                            Execution Coverage:4.2%
                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                            Signature Coverage:5.3%
                                                                                                                                                                                                                                                                            Total number of Nodes:1742
                                                                                                                                                                                                                                                                            Total number of Limit Nodes:63
GetSystemTimeAsFileTime 62371 7ff7e62a899c 62369->62371 62370 7ff7e62a8bc4 GetCurrentProcessId 62372 7ff7e62a8c01 62370->62372 62371->62370 62373 7ff7e62a8cfe GetCurrentThreadId 62372->62373 62374 7ff7e62a8d3b 62373->62374 62375 7ff7e62a8e38 GlobalMemoryStatusEx 62374->62375 62376 7ff7e62a9360 GetDiskFreeSpaceExW 62375->62376 62387 7ff7e62a8e7e 62375->62387 62377 7ff7e62a95d2 GetSystemTimes 62376->62377 62380 7ff7e62a937a 62376->62380 62378 7ff7e62a9d68 QueryPerformanceCounter 62377->62378 62389 7ff7e62a95f5 62377->62389 62379 7ff7e62a9d7d 62378->62379 62381 7ff7e62aa25d CryptAcquireContextW 62379->62381 62380->62377 62382 7ff7e62aa289 CryptGenRandom 62381->62382 62384 7ff7e62aa525 62381->62384 62383 7ff7e62aa516 CryptReleaseContext 62382->62383 62388 7ff7e62aa2b1 62382->62388 62383->62384 62385 7ff7e62fcd10 DName::DName 8 API calls 62384->62385 62386 7ff7e62aa709 62385->62386 62390 7ff7e62fcd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 62386->62390 62387->62376 62388->62383 62389->62378 62391->62369 62392->62358 62395->62230 62396->62235 62397->62244 62399->62255 62412 7ff7e62fec50 62401->62412 62404 7ff7e6155d5d 62418 7ff7e62fece0 62404->62418 62406 7ff7e62fece0 __std_exception_destroy 13 API calls 62408 7ff7e6155d4f 62406->62408 62409 7ff7e62fec50 __std_exception_copy 42 API calls 62408->62409 62409->62404 62410 7ff7e62fcd10 DName::DName 8 API calls 62411 7ff7e6155d7c 62410->62411 62411->62089 62413 7ff7e62fec71 62412->62413 62416 7ff7e6155d3c 62412->62416 62413->62416 62417 7ff7e62feca6 62413->62417 62422 7ff7e6311908 40 API calls 2 library calls 62413->62422 62416->62404 62416->62406 62423 7ff7e63119f0 13 API calls 2 library calls 62417->62423 62419 7ff7e62fecef 62418->62419 62420 7ff7e6155d6c 62418->62420 62424 7ff7e63119f0 13 API calls 2 library calls 62419->62424 62420->62410 62422->62417 62423->62416 62424->62420 62428 7ff7e615c512 shared_ptr 62425->62428 62426 7ff7e62fcd10 DName::DName 8 API calls 62427 7ff7e615c5a4 
62426->62427 62427->62275 62428->62426 62429 7ff7e62a3c10 62430 7ff7e62a3c4b 62429->62430 62432 7ff7e62a3c61 62429->62432 62431 7ff7e62a3d7b CompareStringW 62431->62432 62432->62431 62433 7ff7e62a3e6d CompareStringW 62432->62433 62434 7ff7e62a3c7c 62432->62434 62433->62432 62433->62434 62435 7ffdf9f32180 62436 7ffdf9f321d1 62435->62436 62438 7ffdf9f321ea 62436->62438 62441 7ffdf9f91920 62436->62441 62459 7ffdfa0d3b80 62438->62459 62442 7ffdf9f91966 62441->62442 62458 7ffdf9f91ed8 62441->62458 62468 7ffdfa0d4144 62442->62468 62444 7ffdfa0d3b80 _log10_special 8 API calls 62445 7ffdf9f92046 62444->62445 62445->62438 62446 7ffdf9f91970 memcpy_s 62447 7ffdfa0d41f0 Concurrency::cancel_current_task EnterCriticalSection 62446->62447 62449 7ffdf9f919a7 62446->62449 62447->62449 62448 7ffdf9e93af0 FindResourceA LoadResource LockResource SizeofResource 62453 7ffdf9f91a93 __std_exception_copy 62448->62453 62449->62448 62450 7ffdfa0396bc Concurrency::cancel_current_task EnterCriticalSection 62451 7ffdf9f91d6a __std_exception_copy 62450->62451 62452 7ffdfa0d41f0 Concurrency::cancel_current_task EnterCriticalSection 62451->62452 62454 7ffdf9f91dd7 62451->62454 62452->62454 62453->62450 62453->62458 62455 7ffdfa0d41f0 Concurrency::cancel_current_task EnterCriticalSection 62454->62455 62456 7ffdf9f91e5d 62454->62456 62455->62456 62457 7ffdfa0d41f0 Concurrency::cancel_current_task EnterCriticalSection 62456->62457 62456->62458 62457->62458 62458->62444 62460 7ffdfa0d3b89 62459->62460 62461 7ffdf9f32259 62460->62461 62462 7ffdfa0d4230 IsProcessorFeaturePresent 62460->62462 62463 7ffdfa0d4248 62462->62463 62480 7ffdfa0d4424 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 62463->62480 62465 7ffdfa0d425b 62481 7ffdfa0d41f8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 62465->62481 62470 7ffdfa0d414f 62468->62470 62469 7ffdfa0d416e Concurrency::cancel_current_task 62470->62469 62473 7ffdfa11ad70 62470->62473 62476 7ffdfa11adac 
62473->62476 62475 7ffdfa11ad7e 62475->62470 62479 7ffdfa11b118 EnterCriticalSection 62476->62479 62478 7ffdfa11adb9 62478->62475 62480->62465 62482 7ffdf9e939f8 62483 7ffdf9e93a00 62482->62483 62487 7ffdfa105d7c 62483->62487 62485 7ffdf9e93a30 62486 7ffdf9e93a60 RegisterWindowMessageA RegisterWindowMessageA 62485->62486 62488 7ffdfa105dd5 62487->62488 62489 7ffdfa105d9e 62487->62489 62491 7ffdfa0d3b80 _log10_special 8 API calls 62488->62491 62489->62488 62495 7ffdfa11e390 62489->62495 62493 7ffdfa105de9 62491->62493 62492 7ffdfa105dc5 62492->62488 62494 7ffdfa106318 19 API calls 62492->62494 62493->62485 62494->62488 62496 7ffdfa11e398 MultiByteToWideChar 62495->62496 62498 7ff7e61d9c00 62522 7ff7e61e1be0 62498->62522 62500 7ff7e61d9c72 CreateFileW 62501 7ff7e61d9ca8 GetLastError 62500->62501 62502 7ff7e61d9d67 62500->62502 62503 7ff7e61d9d7e 62501->62503 62507 7ff7e61d9c4c 62501->62507 62505 7ff7e62ad7e0 42 API calls 62503->62505 62504 7ff7e61e1be0 QueryPerformanceCounter QueryPerformanceFrequency 62504->62507 62506 7ff7e61d9d91 62505->62506 62508 7ff7e62ff810 Concurrency::cancel_current_task 2 API calls 62506->62508 62507->62500 62507->62503 62507->62504 62519 7ff7e61d9d55 CloseHandle 62507->62519 62527 7ff7e61ddc20 12 API calls 2 library calls 62507->62527 62509 7ff7e61d9da2 LockFileEx 62508->62509 62510 7ff7e61d9de6 62509->62510 62511 7ff7e61d9deb GetLastError 62509->62511 62512 7ff7e62ad7e0 42 API calls 62511->62512 62514 7ff7e61d9e04 62512->62514 62515 7ff7e62ff810 Concurrency::cancel_current_task 2 API calls 62514->62515 62516 7ff7e61d9e15 62515->62516 62528 7ff7e61e1a70 44 API calls DName::DName 62516->62528 62518 7ff7e61d9e5f 62529 7ff7e61e1a70 44 API calls DName::DName 62518->62529 62519->62507 62521 7ff7e61d9e96 62530 7ff7e62fbf2c QueryPerformanceFrequency 62522->62530 62524 7ff7e61e1bef 62531 7ff7e62fbf10 QueryPerformanceCounter 62524->62531 62526 7ff7e61e1bf7 62526->62507 62527->62507 62528->62518 62529->62521 62530->62524 62531->62526 62532 
7ff7e632125c 62533 7ff7e63212a7 62532->62533 62537 7ff7e632126b _Getctype 62532->62537 62539 7ff7e6312280 11 API calls _Wcrtomb 62533->62539 62535 7ff7e632128e RtlAllocateHeap 62536 7ff7e63212a5 62535->62536 62535->62537 62537->62533 62537->62535 62538 7ff7e6320a38 std::_Facet_Register 2 API calls 62537->62538 62538->62537 62539->62536 62540 7ffdf9e690f0 62541 7ffdf9e69252 GetWindowLongPtrA GetWindow 62540->62541 62542 7ffdf9e6912e 62540->62542 62543 7ffdf9e6928f 62541->62543 62544 7ffdf9e691c7 IsWindow 62542->62544 62545 7ffdf9e69137 62542->62545 62549 7ffdf9e69297 EnterCriticalSection LeaveCriticalSection 62543->62549 62558 7ffdf9e692b8 62543->62558 62546 7ffdf9e691d8 GetClientRect GetWindow IsWindow 62544->62546 62557 7ffdf9e6914c 62544->62557 62547 7ffdf9e69151 IsWindow 62545->62547 62550 7ffdf9e6913c 62545->62550 62548 7ffdf9e69216 SetWindowPos 62546->62548 62546->62557 62551 7ffdf9e69162 GetWindowLongPtrA 62547->62551 62547->62557 62548->62557 62549->62558 62550->62557 62560 7ffdf9e68bc0 SetWindowLongPtrA 62550->62560 62554 7ffdf9e691b7 EndDialog 62551->62554 62555 7ffdf9e69175 62551->62555 62552 7ffdfa0d3b80 _log10_special 8 API calls 62556 7ffdf9e69353 62552->62556 62554->62557 62555->62554 62555->62557 62557->62552 62558->62557 62595 7ffdf9e73e60 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 62558->62595 62602 7ffdf9e929d0 29 API calls _log10_special 62560->62602 62562 7ffdf9e68c1e CreateWindowExA 62563 7ffdf9e68ca1 62562->62563 62564 7ffdf9e68c6f 62562->62564 62566 7ffdf9e68d39 62563->62566 62567 7ffdf9e68cba 62563->62567 62594 7ffdf9e6906b 62563->62594 62564->62563 62565 7ffdfa0d3b80 _log10_special 8 API calls 62568 7ffdf9e690c9 62565->62568 62596 7ffdf9e59310 62566->62596 62570 7ffdf9e68cc7 EnterCriticalSection 62567->62570 62572 7ffdf9e68cec 62567->62572 62568->62557 62603 7ffdf9e5e030 58 API calls _log10_special 62570->62603 62574 7ffdf9e68d02 EnterCriticalSection LeaveCriticalSection 62572->62574 62575 7ffdf9e68d23 62572->62575 62573 
7ffdf9e68cdf LeaveCriticalSection 62573->62572 62574->62575 62578 7ffdf9e68d7f 62575->62578 62575->62594 62604 7ffdf9e73a90 EnterCriticalSection LeaveCriticalSection Concurrency::cancel_current_task EnterCriticalSection 62575->62604 62577 7ffdf9e68e42 62606 7ffdf9e591c0 EnterCriticalSection LeaveCriticalSection 62577->62606 62578->62577 62605 7ffdf9e6fec0 8 API calls 2 library calls 62578->62605 62581 7ffdf9e68e57 62607 7ffdf9e59230 EnterCriticalSection LeaveCriticalSection 62581->62607 62583 7ffdf9e68e63 GetWindowLongA GetWindowLongA AdjustWindowRectEx 62585 7ffdf9e68f51 62583->62585 62586 7ffdf9e68ec2 GetParent GetWindowRect 62583->62586 62584 7ffdf9e68de4 62589 7ffdf9e68e06 __std_exception_copy 62584->62589 62608 7ffdfa0390fc WideCharToMultiByte WideCharToMultiByte Concurrency::cancel_current_task EnterCriticalSection 62584->62608 62588 7ffdf9e68f69 GetDesktopWindow GetClientRect 62585->62588 62590 7ffdf9e68f01 62585->62590 62586->62590 62587 7ffdf9e68e30 SetWindowTextA 62587->62577 62588->62590 62589->62587 62609 7ffdf9e84bc0 9 API calls _log10_special 62590->62609 62593 7ffdf9e68ff2 SetWindowPos GetClientRect SetWindowPos 62593->62594 62594->62565 62595->62557 62597 7ffdf9e5932e 62596->62597 62598 7ffdf9e5933c EnterCriticalSection 62597->62598 62599 7ffdf9e59336 62597->62599 62610 7ffdf9e5ddc0 62598->62610 62599->62572 62602->62562 62603->62573 62604->62578 62605->62584 62606->62581 62607->62583 62608->62589 62609->62593 62612 7ffdf9e5ddfc 62610->62612 62618 7ffdf9e5deb9 62610->62618 62612->62618 62620 7ffdfa039f30 62612->62620 62613 7ffdfa0d3b80 _log10_special 8 API calls 62615 7ffdf9e59366 LeaveCriticalSection 62613->62615 62615->62572 62616 7ffdf9e5de59 62628 7ffdf9ef6be0 62616->62628 62619 7ffdf9e5ded3 62618->62619 62632 7ffdf9ef6da0 22 API calls _log10_special 62618->62632 62619->62613 62621 7ffdfa039f7c 62620->62621 62633 7ffdf9e782b0 62621->62633 62623 7ffdfa039fb4 62637 7ffdfa038a34 62623->62637 62625 7ffdfa039fd0 __std_exception_copy 62626 
7ffdfa0d3b80 _log10_special 8 API calls 62625->62626 62627 7ffdfa03a001 62626->62627 62627->62616 62631 7ffdf9ef6c1f 62628->62631 62629 7ffdfa0d3b80 _log10_special 8 API calls 62630 7ffdf9ef6ccb 62629->62630 62630->62618 62631->62629 62632->62619 62634 7ffdf9e782e2 62633->62634 62636 7ffdf9e782eb memcpy_s 62634->62636 62641 7ffdfa0d41f0 62634->62641 62636->62623 62638 7ffdfa038a50 62637->62638 62639 7ffdfa038a58 62637->62639 62646 7ffdfa038904 Concurrency::cancel_current_task EnterCriticalSection 62638->62646 62639->62625 62642 7ffdfa0d4144 62641->62642 62643 7ffdfa0d416e Concurrency::cancel_current_task 62642->62643 62644 7ffdfa11ad70 EnterCriticalSection 62642->62644 62644->62642 62646->62639 62647 7ff7e6143260 InitializeCriticalSection 62652 7ff7e61e6e20 62647->62652 62653 7ff7e61e6ea4 62652->62653 62654 7ff7e61e6e5a 62652->62654 62656 7ff7e61e1be0 2 API calls 62653->62656 62658 7ff7e61e6eba 62653->62658 62655 7ff7e62fcdf0 3 API calls 62654->62655 62657 7ff7e61e6e66 62655->62657 62656->62658 62657->62653 62659 7ff7e61e6e6f GetModuleHandleW 62657->62659 62663 7ff7e62fcd10 DName::DName 8 API calls 62658->62663 62660 7ff7e61e6e91 62659->62660 62661 7ff7e61e6e81 GetProcAddress 62659->62661 62670 7ff7e62fcd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 62660->62670 62661->62660 62664 7ff7e614327d 62663->62664 62665 7ff7e62e4410 62664->62665 62666 7ff7e61e6e20 18 API calls 62665->62666 62667 7ff7e62e4432 GetSystemTimes 62666->62667 62668 7ff7e62fcd10 DName::DName 8 API calls 62667->62668 62669 7ff7e6143287 62668->62669 62671 7ff7e6149a81 62674 7ff7e6149a8b 62671->62674 62672 7ff7e6149ae7 GetProcessHeap HeapSetInformation 62673 7ff7e6149b0f GetSystemTimeAsFileTime FileTimeToSystemTime 62672->62673 62845 7ff7e614d3e0 62673->62845 62674->62672 62674->62673 62677 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62678 7ff7e6149baa GetCommandLineW 62677->62678 62679 7ff7e6149bc2 62678->62679 62679->62679 62680 7ff7e61483a0 std::_Throw_Cpp_error 
45 API calls 62679->62680 62681 7ff7e6149bd8 62680->62681 62682 7ff7e614d3e0 101 API calls 62681->62682 62683 7ff7e6149bf2 62682->62683 62684 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62683->62684 62685 7ff7e6149bfb 62684->62685 62880 7ff7e614c6b0 62685->62880 62687 7ff7e6149c0f 62688 7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62687->62688 62689 7ff7e6149c46 62688->62689 62690 7ff7e614e6f0 100 API calls 62689->62690 62691 7ff7e6149c93 62690->62691 62692 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62691->62692 62693 7ff7e6149c9f 62692->62693 62694 7ff7e6149e2e 62693->62694 62695 7ff7e6149ca8 62693->62695 62696 7ff7e614e0f0 44 API calls 62694->62696 62698 7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62695->62698 62697 7ff7e6149e2c 62696->62697 62700 7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62697->62700 62699 7ff7e6149cd6 62698->62699 62702 7ff7e614e6f0 100 API calls 62699->62702 62701 7ff7e6149e75 62700->62701 62704 7ff7e614e6f0 100 API calls 62701->62704 62703 7ff7e6149d1d 62702->62703 62705 7ff7e6149d82 62703->62705 62707 7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62703->62707 62706 7ff7e6149ec3 62704->62706 62708 7ff7e614c6b0 44 API calls 62705->62708 62709 7ff7e61479d0 77 API calls 62706->62709 62710 7ff7e6149d68 62707->62710 62711 7ff7e6149d91 62708->62711 62715 7ff7e6149efc 62709->62715 62712 7ff7e614e5b0 100 API calls 62710->62712 62713 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62711->62713 62712->62705 62716 7ff7e6149d9a 62713->62716 62714 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62717 7ff7e6149f6e 62714->62717 62715->62714 62719 7ff7e614e0f0 44 API calls 62716->62719 62718 7ff7e61479d0 77 API calls 62717->62718 62723 7ff7e6149f84 62718->62723 62720 7ff7e6149e20 62719->62720 62721 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62720->62721 62721->62697 62722 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62724 7ff7e6149ff1 62722->62724 62723->62722 62725 7ff7e6151ed0 77 API calls 62724->62725 62726 7ff7e614a036 
62725->62726 62727 7ff7e61479d0 77 API calls 62726->62727 62728 7ff7e614a088 62727->62728 62729 7ff7e614a119 EnterCriticalSection 62728->62729 62730 7ff7e61515e0 66 API calls 62729->62730 62733 7ff7e614a135 62730->62733 62731 7ff7e614a159 62732 7ff7e61515e0 66 API calls 62731->62732 62737 7ff7e614a165 62732->62737 62733->62731 62734 7ff7e614df10 44 API calls 62733->62734 62734->62731 62735 7ff7e614a189 LeaveCriticalSection 62736 7ff7e614a1b0 62735->62736 62736->62736 62738 7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62736->62738 62737->62735 62739 7ff7e614df10 44 API calls 62737->62739 62740 7ff7e614a1c6 62738->62740 62739->62735 62741 7ff7e614e6f0 100 API calls 62740->62741 62742 7ff7e614a213 62741->62742 62743 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62742->62743 62744 7ff7e614a21f 62743->62744 62745 7ff7e614a228 62744->62745 62746 7ff7e614a35f 62744->62746 62750 7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62745->62750 62747 7ff7e629fe40 202 API calls 62746->62747 62748 7ff7e614a36b 62747->62748 62749 7ff7e629e120 45 API calls 62748->62749 62751 7ff7e614a3b9 62749->62751 62752 7ff7e614a257 62750->62752 62753 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62751->62753 62755 7ff7e614e6f0 100 API calls 62752->62755 62754 7ff7e614a3c5 62753->62754 62759 7ff7e629e450 99 API calls 62754->62759 62756 7ff7e614a29d 62755->62756 62758 7ff7e614a302 62756->62758 62760 7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62756->62760 62761 7ff7e614a32b 62758->62761 62766 7ff7e614df10 44 API calls 62758->62766 62762 7ff7e614a475 GetFileAttributesW 62759->62762 62763 7ff7e614a2e8 62760->62763 62764 7ff7e614df10 44 API calls 62761->62764 62769 7ff7e614a497 62762->62769 62765 7ff7e614e5b0 100 API calls 62763->62765 62767 7ff7e614a355 62764->62767 62765->62758 62766->62761 62770 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62767->62770 62768 7ff7e614a59b 62771 7ff7e614df10 44 API calls 62768->62771 62769->62768 62772 7ff7e629e120 45 API calls 62769->62772 62773 
7ff7e614a60b 62770->62773 62780 7ff7e614a5c5 62771->62780 62778 7ff7e614a4f7 62772->62778 62775 7ff7e6148bd0 92 API calls 62773->62775 62774 7ff7e614a54b 62776 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62774->62776 62777 7ff7e614a624 62775->62777 62776->62768 62786 7ff7e614a62e 62777->62786 62787 7ff7e614a660 62777->62787 62778->62774 62782 7ff7e614aaf2 62778->62782 62779 7ff7e614a5f3 62781 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62779->62781 62780->62779 62783 7ff7e614df10 44 API calls 62780->62783 62784 7ff7e614a5ff 62781->62784 62785 7ff7e6312130 _invalid_parameter_noinfo_noreturn 40 API calls 62782->62785 62783->62779 62784->62767 62788 7ff7e614aaf7 62785->62788 62789 7ff7e628d910 119 API calls 62786->62789 62792 7ff7e61fa770 44 API calls 62787->62792 62790 7ff7e614db20 44 API calls 62788->62790 62791 7ff7e614a63c 62789->62791 62793 7ff7e614ab18 62790->62793 62794 7ff7e61fa580 44 API calls 62791->62794 62796 7ff7e614a65e 62792->62796 62797 7ff7e614d8d0 44 API calls 62793->62797 62795 7ff7e614a652 62794->62795 62798 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62795->62798 62799 7ff7e629e2a0 54 API calls 62796->62799 62800 7ff7e614ab21 62797->62800 62798->62796 62801 7ff7e614a680 62799->62801 62802 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62801->62802 62803 7ff7e614a68c 62802->62803 62804 7ff7e614a6d0 62803->62804 62805 7ff7e614a702 62803->62805 62806 7ff7e628d910 119 API calls 62804->62806 62809 7ff7e61fa770 44 API calls 62805->62809 62807 7ff7e614a6de 62806->62807 62808 7ff7e61fa580 44 API calls 62807->62808 62810 7ff7e614a6f4 62808->62810 62811 7ff7e614a700 62809->62811 62812 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62810->62812 62813 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62811->62813 62812->62811 62816 7ff7e614a741 62813->62816 62814 7ff7e614aef0 77 API calls 62815 7ff7e614a8c1 62814->62815 62817 7ff7e614aef0 77 API calls 62815->62817 62816->62814 62818 7ff7e614a8de 62817->62818 62819 7ff7e614a8f9 
GetSystemTimeAsFileTime FileTimeToSystemTime 62818->62819 62820 7ff7e614a92a 62819->62820 62821 7ff7e6151d80 77 API calls 62820->62821 62822 7ff7e614a9a4 62821->62822 62823 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62822->62823 62824 7ff7e614a9b0 62823->62824 62825 7ff7e6151ed0 77 API calls 62824->62825 62826 7ff7e614a9fa 62825->62826 62827 7ff7e62fece0 __std_exception_destroy 13 API calls 62826->62827 62828 7ff7e614aa22 62827->62828 62829 7ff7e614dab0 40 API calls 62828->62829 62830 7ff7e614aa82 62829->62830 62831 7ff7e614dab0 40 API calls 62830->62831 62832 7ff7e614aa8e 62831->62832 62833 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62832->62833 62834 7ff7e614aa9a 62833->62834 62835 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62834->62835 62836 7ff7e614aaa6 62835->62836 62837 7ff7e614db20 44 API calls 62836->62837 62838 7ff7e614aab2 62837->62838 62839 7ff7e614d8d0 44 API calls 62838->62839 62840 7ff7e614aabe 62839->62840 62841 7ff7e614aad3 62840->62841 62842 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62840->62842 62843 7ff7e62fcd10 DName::DName 8 API calls 62841->62843 62842->62841 62844 7ff7e614aae4 62843->62844 62846 7ff7e614d42a 62845->62846 62851 7ff7e614d432 62845->62851 62847 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62846->62847 62847->62851 62848 7ff7e614d45d 62849 7ff7e614d483 62848->62849 62852 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62848->62852 62886 7ff7e614e890 62849->62886 62850 7ff7e614de60 44 API calls std::_Throw_Cpp_error 62850->62851 62851->62848 62851->62850 62852->62848 62855 7ff7e614d87f 62891 7ff7e614db20 62855->62891 62858 7ff7e614d888 62860 7ff7e62fcd10 DName::DName 8 API calls 62858->62860 62863 7ff7e6149b9e 62860->62863 62863->62677 62881 7ff7e614c6ee 62880->62881 62901 7ff7e6143890 44 API calls std::_Throw_Cpp_error 62881->62901 62887 7ff7e614d4a4 62886->62887 62890 7ff7e614e8e4 62886->62890 62887->62855 62898 7ff7e614e820 44 API calls std::_Throw_Cpp_error 62887->62898 62890->62887 62899 7ff7e6157170 
44 API calls 2 library calls 62890->62899 62900 7ff7e6152210 44 API calls 4 library calls 62890->62900 62892 7ff7e614db3c 62891->62892 62894 7ff7e614db92 62891->62894 62893 7ff7e614db61 62892->62893 62895 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62892->62895 62893->62894 62896 7ff7e6312130 _invalid_parameter_noinfo_noreturn 40 API calls 62893->62896 62894->62858 62895->62892 62897 7ff7e614dbb7 62896->62897 62899->62890 62900->62890 62902 7ff7e616f480 GetCurrentProcess CheckRemoteDebuggerPresent 62904 7ff7e616f4bb 62902->62904 62903 7ff7e616f4c2 62905 7ff7e62fcd10 DName::DName 8 API calls 62903->62905 62904->62903 62906 7ff7e616f4fc NdrClientCall3 62904->62906 62907 7ff7e616f60a 62905->62907 62908 7ff7e616f536 62906->62908 62908->62903 62909 7ff7e616f54f GetModuleHandleW GetProcAddress 62908->62909 62910 7ff7e616f5eb 62909->62910 62911 7ff7e616f574 VirtualProtect 62909->62911 62910->62903 62911->62910 62913 7ff7e616f5a8 VirtualProtect GetCurrentProcess FlushInstructionCache 62911->62913 62913->62910 62914 7ffdf9f39010 62927 7ffdf9f38f80 62914->62927 62916 7ffdf9f39050 62917 7ffdf9f38f80 2 API calls 62916->62917 62918 7ffdf9f3905a 62917->62918 62919 7ffdf9f38f80 2 API calls 62918->62919 62920 7ffdf9f39064 62919->62920 62921 7ffdfa0d41f0 2 API calls 62920->62921 62922 7ffdf9f390a0 62921->62922 62923 7ffdfa0d41f0 2 API calls 62922->62923 62924 7ffdf9f3910b 62923->62924 62925 7ffdfa0d41f0 2 API calls 62924->62925 62926 7ffdf9f39176 62925->62926 62928 7ffdfa0d41f0 2 API calls 62927->62928 62929 7ffdf9f38fc4 62928->62929 62929->62916 62930 7ff7e616c04b 63012 7ff7e614aef0 62930->63012 62933 7ff7e616c0b2 62935 7ff7e614aef0 77 API calls 62933->62935 62934 7ff7e62fece0 __std_exception_destroy 13 API calls 62934->62933 62936 7ff7e616c0d9 62935->62936 62937 7ff7e62fece0 __std_exception_destroy 13 API calls 62936->62937 62938 7ff7e616c119 62937->62938 63015 7ff7e61729f0 62938->63015 62941 7ff7e616c9d9 63080 7ff7e617a470 GetModuleHandleW GetProcAddress 62941->63080 62943 
7ff7e61483a0 std::_Throw_Cpp_error 45 API calls 62951 7ff7e616c44c 62943->62951 62944 7ff7e616c9e5 62945 7ff7e616c9e9 62944->62945 62946 7ff7e616ca53 62944->62946 63187 7ff7e6156cc0 62945->63187 62948 7ff7e616ca5e 62946->62948 62949 7ff7e616cb5b GetFileAttributesW 62946->62949 62950 7ff7e61479d0 77 API calls 62948->62950 62953 7ff7e616cb77 62949->62953 62965 7ff7e616ca48 62950->62965 63020 7ff7e61727d0 62951->63020 62957 7ff7e616cbce 62953->62957 62958 7ff7e616cba3 62953->62958 62956 7ff7e616c4c0 63028 7ff7e617beb0 62956->63028 63133 7ff7e61479d0 62957->63133 63192 7ff7e61715d0 77 API calls DName::DName 62958->63192 62963 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62966 7ff7e616ccb8 62963->62966 62964 7ff7e616c4f1 63037 7ff7e62a4980 62964->63037 63143 7ff7e616cec0 62965->63143 62969 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62966->62969 62968 7ff7e616c543 63164 7ff7e614e0f0 62968->63164 62970 7ff7e616ccc6 62969->62970 62972 7ff7e62fcd10 DName::DName 8 API calls 62970->62972 62974 7ff7e616cd85 62972->62974 62973 7ff7e616c562 62975 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 62973->62975 62976 7ff7e616c570 62975->62976 63169 7ff7e6172660 62976->63169 62980 7ff7e616c58c shared_ptr 63178 7ff7e6170550 95 API calls Concurrency::cancel_current_task 62980->63178 62982 7ff7e616c692 63179 7ff7e6170690 52 API calls std::_Facet_Register 62982->63179 62984 7ff7e616c6e1 62985 7ff7e616cd9e 62984->62985 62986 7ff7e616c72b 62984->62986 63193 7ff7e62fa850 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 62985->63193 62988 7ff7e616cda3 62986->62988 62989 7ff7e616c747 62986->62989 62994 7ff7e616c753 _Yarn 62986->62994 63194 7ff7e61437d0 44 API calls 3 library calls 62988->63194 62991 7ff7e61520f0 std::_Throw_Cpp_error 44 API calls 62989->62991 62991->62994 62993 7ff7e616cda9 63180 7ff7e6171240 45 API calls Concurrency::cancel_current_task 62994->63180 62995 7ff7e616c9a2 63186 7ff7e616cdb0 40 API calls 62995->63186 62996 7ff7e616c7fb 62999 7ff7e614c6b0 
44 API calls 62996->62999 63009 7ff7e616c88c 62996->63009 63181 7ff7e6171b20 44 API calls 2 library calls 62996->63181 63182 7ff7e6171240 45 API calls Concurrency::cancel_current_task 62996->63182 62999->62996 63001 7ff7e616c9af 63003 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 63001->63003 63002 7ff7e62fcdf0 3 API calls 63002->63009 63005 7ff7e616c9bd 63003->63005 63006 7ff7e614db20 44 API calls 63005->63006 63008 7ff7e616c9cb 63006->63008 63010 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 63008->63010 63009->62995 63009->63002 63183 7ff7e62fad50 52 API calls 63009->63183 63184 7ff7e62fcd80 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 63009->63184 63185 7ff7e6150cd0 100 API calls 63009->63185 63010->62941 63195 7ff7e614d980 63012->63195 63016 7ff7e614aef0 77 API calls 63015->63016 63017 7ff7e6172a24 63016->63017 63018 7ff7e62fece0 __std_exception_destroy 13 API calls 63017->63018 63019 7ff7e616c125 63018->63019 63019->62941 63019->62943 63021 7ff7e6172905 63020->63021 63023 7ff7e617283c 63020->63023 63325 7ff7e6143890 44 API calls std::_Throw_Cpp_error 63021->63325 63025 7ff7e617284a _Yarn 63023->63025 63324 7ff7e61726f0 44 API calls 4 library calls 63023->63324 63025->62956 63027 7ff7e61728c4 _Yarn 63027->62956 63029 7ff7e617bf0c 63028->63029 63030 7ff7e617bfc0 63029->63030 63035 7ff7e617bf22 63029->63035 63327 7ff7e6143890 44 API calls std::_Throw_Cpp_error 63030->63327 63032 7ff7e617bf30 63032->62964 63035->63032 63326 7ff7e61726f0 44 API calls 4 library calls 63035->63326 63036 7ff7e617bf8c _Yarn 63036->62964 63328 7ff7e62a76c0 63037->63328 63041 7ff7e62a49ef 63042 7ff7e62a4a07 RegCloseKey 63041->63042 63049 7ff7e62a4a19 63041->63049 63043 7ff7e62a4a11 SetLastError 63042->63043 63042->63049 63043->63049 63044 7ff7e62a4ba8 63405 7ff7e62a7310 44 API calls 2 library calls 63044->63405 63045 7ff7e62a4b3a 63048 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 63045->63048 63047 7ff7e62a4bcf 63050 7ff7e62ff810 
64157 7ff7e614df40 _Yarn 64145->64157 64147 7ff7e614e047 64146->64147 64148 7ff7e614df80 64146->64148 64173 7ff7e6143890 44 API calls std::_Throw_Cpp_error 64147->64173 64149 7ff7e614dfc2 64148->64149 64151 7ff7e614e04c 64148->64151 64152 7ff7e61520f0 std::_Throw_Cpp_error 44 API calls 64149->64152 64174 7ff7e61437d0 44 API calls 3 library calls 64151->64174 64155 7ff7e614dfd6 _Yarn 64152->64155 64154 7ff7e6312130 _invalid_parameter_noinfo_noreturn 40 API calls 64156 7ff7e614e058 64154->64156 64155->64154 64155->64157 64158 7ff7e614e092 64156->64158 64175 7ff7e6152370 44 API calls 4 library calls 64156->64175 64157->64055 64158->64055 64160 7ff7e614e0e5 64160->64055 64161->64115 64162->64117 64163->64129 64164->64129 64165->64129 64166->64142 64168->64142 64169->64134 64170->64098 64172->64126 64174->64155 64175->64160 64176 7ff7e616bdef 64177 7ff7e616bdf9 64176->64177 64178 7ff7e614df10 44 API calls 64177->64178 64179 7ff7e616be05 GetFileAttributesW 64178->64179 64181 7ff7e616be2c 64179->64181 64182 7ff7e614c6b0 44 API calls 64181->64182 64183 7ff7e616be44 GetModuleHandleW GetModuleFileNameW 64182->64183 64184 7ff7e616be94 GetLastError 64183->64184 64193 7ff7e6171480 77 API calls 2 library calls 64184->64193 64186 7ff7e616bf0f 64187 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 64186->64187 64188 7ff7e616bf1d 64187->64188 64189 7ff7e614de60 std::_Throw_Cpp_error 44 API calls 64188->64189 64190 7ff7e616bf2b 64189->64190 64191 7ff7e62fcd10 DName::DName 8 API calls 64190->64191 64192 7ff7e616cd85 64191->64192 64193->64186
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
Similarity
• API ID: CriticalSection$Leave$CountEnterProcessThread$HandleTick$CloseConditionCurrentMask$CallInfoInformationOpenPowerPriorityTimes$ClassExceptionMemoryRaiseVerifyVersion__std_exception_destroy
• String ID: 0398$0398$FA7D$FA7D$Handle count is {}, expected maximum is {} !$Thread count is {}, expected maximum is {} !$deadlock suspected$excessive handle count$excessive memory usage$excessive thread count$high CPU usage$suspected GUI thread hang$uwm
• API String ID: 2554263370-1543258672
• Opcode ID: ebd251f59ee0f47075668cc74e852c80fc76e228e45c602d6cb25b9dfad92a90
• Instruction ID: 7443c3e3e40cd64abef377075695ec1985e68f20fe4961accd622623c0006d52
• Opcode Fuzzy Hash: ebd251f59ee0f47075668cc74e852c80fc76e228e45c602d6cb25b9dfad92a90
• Instruction Fuzzy Hash: 07A2E332A18BC58AEB61DF25EC443AEB7A1FB46B48F805136DA4D07794DF38E984C351
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
Similarity
• API ID: Time$File$System$CriticalHeapProcessSection__std_exception_destroy$AttributesCommandCurrentEnterInformationLeaveLineMappedName_invalid_parameter_noinfo_noreturn
• String ID: ,$C1C3$EBBE$END: Avast installer/updater, return code {}$Logs$START: Avast installer/updater$\Logs\Clear.log$\Logs\Setup.log$\Logs\Update.log$asw::settings::SettingsConfig::StorePathDef$asw::settings::SettingsConfig::StorePathIni$clear$config.def$debug$sfx$sfxstorage$B8$eB$7
• API String ID: 1096773629-272021793
• Opcode ID: 453325cd653e01879a0ea591d934ff84f27d2ab9a36692d746dd76e427b7e077
• Instruction ID: 6b7e4b3d7893996c640953ddbdb865b2aa6105a1c80d8c88f6996253bf16ef1b
• Opcode Fuzzy Hash: 453325cd653e01879a0ea591d934ff84f27d2ab9a36692d746dd76e427b7e077
• Instruction Fuzzy Hash: 5FA26262A24BC589EB31EF25DC803EEB360FB54748F844136DA4D4BA59EF38D685C351
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
[Figure: control-flow graph of the function at 7ff7e617a470; legend: Executed, Not Executed]
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$HandleModuleProcess$CriticalSection$AddressAllocEnterProc$CurrentErrorExceptionFreeHandlerLeaveModeQueryRevertSelfThreadVectoredVirtual
                                                                                                                                                                                                                                                                            • String ID: 75B0$75B0$Already running$CtrlRoutine$FB06$FB06$Failed to install global crashhandler.$Failed to install vectored handler.$Warning: Relocated kernel32 detected.$Warning: STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING exception was dispatched.$Warning: STATUS_THREADPOOL_HANDLE_EXCEPTION exception was dispatched.$asw::crashguard::ProcessWatcher::Singleton::v1$combase.dll$kernel32.dll$ole32.dll
                                                                                                                                                                                                                                                                            • API String ID: 3202747469-419070947
                                                                                                                                                                                                                                                                            • Opcode ID: 2abaec331f69d0b38215a426737b1753d5578a253fb07c3194ee6cfd1b279412
                                                                                                                                                                                                                                                                            • Instruction ID: 430df1d91b475d45164943bf4ec00ed33b47d9bc1f132c75f48b7cdbaace3b0b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2abaec331f69d0b38215a426737b1753d5578a253fb07c3194ee6cfd1b279412
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B025A32B14B468AEB11EF65E8403AEB3A1FB55B48F80403ADA0D577A4DF3CE945C761
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Thread$ConditionCurrentMaskOpen$CountInfoMessagePeekPriorityProcessTickTimesToken$ClassControlDeviceErrorHandleImpersonateLastModuleObjectSelfSingleSystemVerifyVersionWait
                                                                                                                                                                                                                                                                            • String ID: 0398$Detected a hang in GUI thread through IsHungAppWindow+SendMessageCallback. Attempting to dump process...$FA7D$H$Process monitoring installed.$SeDebugPrivilege$h$suspected GUI thread hang$verifier.dll
                                                                                                                                                                                                                                                                            • API String ID: 2528360860-2006111672
                                                                                                                                                                                                                                                                            • Opcode ID: 57aa9f0f3ac8d70a45fc4b873c5f4f85d1edd01e82185273445563720d672a71
                                                                                                                                                                                                                                                                            • Instruction ID: d5c73f9bdaffc905860d7838f7e802bb8684c48cd34ec786e8728d1ee4021049
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57aa9f0f3ac8d70a45fc4b873c5f4f85d1edd01e82185273445563720d672a71
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4ED17132A28BC586E761DB25F8507EBB3A0FB99B40F804136DA8D47A54DF3CE845CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$Token$CloseCurrentOpenProcessThread$AllocateChangeCheckDuplicateFindHandleInitializeMembershipNotification
                                                                                                                                                                                                                                                                            • String ID: AllocateAndInitializeSid$Unable to check token membership!$Unable to duplicate the access token!$Unable to open current thread token!$Unable to open default process token!
                                                                                                                                                                                                                                                                            • API String ID: 261792156-3273639489
                                                                                                                                                                                                                                                                            • Opcode ID: 46567b61cab2fb32fc4ca6ba4a297ce14aafbf3cc7080da22a89abeb1cb19387
                                                                                                                                                                                                                                                                            • Instruction ID: 58d9ba6f8989b330bb579f4860a4fb59384bddb0732c4bfe24401364e2e2e15c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46567b61cab2fb32fc4ca6ba4a297ce14aafbf3cc7080da22a89abeb1cb19387
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A917F22E28B4686EB10EB61EC543EEB364FB94744F804537DA4D57A68DF3CE148C762
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorLastProc$HandleModule
                                                                                                                                                                                                                                                                            • String ID: GetProcAddress ({})$LdrLockLoaderLock$LdrUnlockLoaderLock$RtlDllShutdownInProgress$RtlGetCurrentPeb$RtlIsCriticalSectionLockedByThread$Unable to adjust token privilege '{}'!$Unable to lookup privilege '{}'!$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 3725234143-558923929
                                                                                                                                                                                                                                                                            • Opcode ID: ec167d4a54710c186022324ce92b077e2a5dcf20ff2373bbbba3e451e9f146d0
                                                                                                                                                                                                                                                                            • Instruction ID: 6cf1ec1b540f2bfc20d13bf9f325af0b64ddaf51b5044f631ddacc89095a4660
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec167d4a54710c186022324ce92b077e2a5dcf20ff2373bbbba3e451e9f146d0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14812C21E28B0695FB10AB60EC543EAB3B4BF54744FD0443BCA4D566A8EF7CE549C362
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __std_exception_destroy$BindingString$ComposeConcurrency::cancel_current_taskFreeFrom
                                                                                                                                                                                                                                                                            • String ID: $"$1412$AvDumper$CA55$CrashGuardProcessWatcherExclusions$Failed to install crash hooks$avcfg://settings/CrashGuard/DumpFirstChance$avdef://config/Common/DumpFirstChance$avdef://config/Common/FullDumpFraction$ncalrpc$python.exe;pythonw.exe;
                                                                                                                                                                                                                                                                            • API String ID: 2873485521-3410722514
                                                                                                                                                                                                                                                                            • Opcode ID: e96d2a8855614a06f0404becf844b718fcf8be0c966d0b52957932e846c9c915
                                                                                                                                                                                                                                                                            • Instruction ID: 774d7b17609c5e126fc737123674874912a269984d7c40369a5f78f6c74feeb7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e96d2a8855614a06f0404becf844b718fcf8be0c966d0b52957932e846c9c915
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F423F22A29BC580E631EB14F8843EBB3A4FBD5744F804236DA8D53AA6DF3CD544CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                                            • String ID: >$Cannot query registry data due to '{}' value changed too often$Cannot query registry value data$Cannot query registry value size$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                                                                                                            • API String ID: 3660427363-930554611
                                                                                                                                                                                                                                                                            • Opcode ID: 2501463979bca1734eb9cbdbfaae242e54a19781804c36fd44d2c5f947da80d8
                                                                                                                                                                                                                                                                            • Instruction ID: 149332465e9001a9173127cc637131908b2f73b1bcb5ac096a5147500b2a6716
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2501463979bca1734eb9cbdbfaae242e54a19781804c36fd44d2c5f947da80d8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA529032B24B8189E710DF65E8406EEB3B4FB58788FA0512AEF8D53A59DF38D595C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7E62AA793), ref: 00007FF7E62A8966
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7E62AA793), ref: 00007FF7E62A8BC4
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00007FF7E62A8CFE
                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7E62AA793), ref: 00007FF7E62A8E70
                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7E62AA793), ref: 00007FF7E62A936C
                                                                                                                                                                                                                                                                            • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7E62AA793), ref: 00007FF7E62A95E7
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7E62AA793), ref: 00007FF7E62A9D6F
                                                                                                                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32 ref: 00007FF7E62AA27B
                                                                                                                                                                                                                                                                            • CryptGenRandom.ADVAPI32 ref: 00007FF7E62AA2A3
                                                                                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32 ref: 00007FF7E62AA51F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Crypt$ContextCurrentSystemTime$AcquireCounterDiskFileFreeGlobalMemoryPerformanceProcessQueryRandomReleaseSpaceStatusThreadTimes
                                                                                                                                                                                                                                                                            • String ID: @$Microsoft Base Cryptographic Provider v1.0
                                                                                                                                                                                                                                                                            • API String ID: 1216455848-3036034798
                                                                                                                                                                                                                                                                            • Opcode ID: 9621706e66f1e1417c7637f2aadf42ab6eae26e5dd89606bbdbe4c20f1c72faa
                                                                                                                                                                                                                                                                            • Instruction ID: 43b979a19ba55caf5db2c57ad12a93e7dd46b167a0e8dce2928da275d1480600
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9621706e66f1e1417c7637f2aadf42ab6eae26e5dd89606bbdbe4c20f1c72faa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F1352B3A286828BDB54DF28D85027EB7B1F796744F94013AE38987689DB7DD904CF10
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$ErrorLast$Create$MultipleQueryValueValues
                                                                                                                                                                                                                                                                            • String ID: Cannot query multiple values$Cannot write key value
                                                                                                                                                                                                                                                                            • API String ID: 2503903376-4258123943
                                                                                                                                                                                                                                                                            • Opcode ID: afab6e2c2e75021e40652da08d3777ad1a92e7be36f257612473403bd25d82e4
                                                                                                                                                                                                                                                                            • Instruction ID: 702fd515f64026af32a826471d9435b66b62eb8c699a8a73f2cc494f3f0f8929
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afab6e2c2e75021e40652da08d3777ad1a92e7be36f257612473403bd25d82e4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02C15B32B28B8199EB10EF61E8547AEB3A4FB48788F844136EE4D57B59EF38D154C311
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$AddressCacheCall3CheckClientDebuggerFlushHandleInstructionModulePresentProcRemote
                                                                                                                                                                                                                                                                            • String ID: IsDebuggerPresent$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 2663660448-2078679533
                                                                                                                                                                                                                                                                            • Opcode ID: c61f7fc85614437339c1394cabb13ace727d1573d15ffa12084c6dd197be2368
                                                                                                                                                                                                                                                                            • Instruction ID: 8abaff5aabd50de9c4716eee86558a27a582c470889368ecc7dc8cc4b3369b36
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c61f7fc85614437339c1394cabb13ace727d1573d15ffa12084c6dd197be2368
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A41E525A2CA8286E711AF24EC503BFB3A1FB50B90F945137DA4D466D4CF3DD444C721
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseEnvironmentErrorExpandLastQueryStringsValue$ExceptionFileHeaderOpenRaise__std_exception_copy
                                                                                                                                                                                                                                                                            • String ID: Cannot query registry value type$String environment expansion failed$String environment expansion failed due to unexpected buffer size
                                                                                                                                                                                                                                                                            • API String ID: 3007891444-362477642
                                                                                                                                                                                                                                                                            • Opcode ID: e4b336d5072022b233e22acf025b4dc1a96452c79212d399090444fe3a9f612f
                                                                                                                                                                                                                                                                            • Instruction ID: beec6491fc84454fdb841eb9be6ac774d9e8640e2f89246f3381681bc187fd08
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4b336d5072022b233e22acf025b4dc1a96452c79212d399090444fe3a9f612f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17B10432E28A8186FB10EF34E8403EEB3A5FB94788F805132EA4D47A59DF78E554C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$AddressCurrentEventHandleModuleProcThread
                                                                                                                                                                                                                                                                            • String ID: Already running$IsRunningInsideAvastService
                                                                                                                                                                                                                                                                            • API String ID: 2652625034-28184766
                                                                                                                                                                                                                                                                            • Opcode ID: c4decc43f3ed6b41fe020cec96a72453bd5caca5cd5d7f3c96df6e5ad6af9013
                                                                                                                                                                                                                                                                            • Instruction ID: fc4b2ebc8a2c29aa6f3e7af6a5d240d1459007058154cf7624c8d7cc0897fc79
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4decc43f3ed6b41fe020cec96a72453bd5caca5cd5d7f3c96df6e5ad6af9013
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C881913292868286E721EF20E8513BBF3A4FF99740F944136E68D43695DF3CE990C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ProtectVirtual$AddressExceptionFilterHandleModuleProcUnhandled__std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID: 75B0$Call to InstallGlobalHandler while being already installed.$FB06$Kernel32.dll$SetUnhandledExceptionFilter
                                                                                                                                                                                                                                                                            • API String ID: 2217734308-513095205
                                                                                                                                                                                                                                                                            • Opcode ID: 409e28d40152ebefb25df6493918e91e1d73a76e17b1b05625fa02ddcfb971a4
                                                                                                                                                                                                                                                                            • Instruction ID: d4099065463b7270067f40f4659ed2d9197415b55e6b3c1cce6f5f0ef66e7221
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 409e28d40152ebefb25df6493918e91e1d73a76e17b1b05625fa02ddcfb971a4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0519132A14B4599E710EF21E8403AEB3A0FB59B48F94403AEA0D47798DF3CE944C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E629F614), ref: 00007FF7E62929CB
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E629F614), ref: 00007FF7E62929DB
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCD80: AcquireSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E61486BC), ref: 00007FF7E62FCD90
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCD80: ReleaseSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E61486BC), ref: 00007FF7E62FCDD0
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00007FF7E6292A18
                                                                                                                                                                                                                                                                            • NtQueryInformationProcess.NTDLL ref: 00007FF7E6292A3D
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E6148681), ref: 00007FF7E62FCE00
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireProcess$AddressCurrentHandleInformationModuleProcQueryRelease
                                                                                                                                                                                                                                                                            • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 259813251-2906145389
                                                                                                                                                                                                                                                                            • Opcode ID: 52a757f25958bbf5585d22884fa26293c422a4561e71b2b7db7bceb74124d3e7
                                                                                                                                                                                                                                                                            • Instruction ID: ceef3323c6e57dce8b13d51b84b6eedcda0c8eaf8092b28e9645951dd91b95b2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52a757f25958bbf5585d22884fa26293c422a4561e71b2b7db7bceb74124d3e7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33216D62A38A4281EA90FB21EC513BBB3A4BF95B40FC01037D64E47395DF3CE5098722
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6292980: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E629F614), ref: 00007FF7E62929CB
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6292980: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E629F614), ref: 00007FF7E62929DB
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6292980: GetCurrentProcess.KERNEL32 ref: 00007FF7E6292A18
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6292980: NtQueryInformationProcess.NTDLL ref: 00007FF7E6292A3D
                                                                                                                                                                                                                                                                            • InitializeProcThreadAttributeList.KERNEL32 ref: 00007FF7E616B6D1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ProcProcess$AddressAttributeCurrentHandleInformationInitializeListModuleQueryThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 140588192-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1775f3841eee03957657563c0e6cb813a6d679f0c770e28a55eb9fc523b3300c
                                                                                                                                                                                                                                                                            • Instruction ID: 6b1118378a59a69ce3a0a3640fec0ec8eb390154f2eed7bc2273aef58adf6690
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1775f3841eee03957657563c0e6cb813a6d679f0c770e28a55eb9fc523b3300c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AA16E32A24B8196E704DF31D9403AEB3B4FB58744F40962ADB9C17A65DF38E1B1C351
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 00007FF7E62AA752
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E6148681), ref: 00007FF7E62FCE00
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62A8920: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7E62AA793), ref: 00007FF7E62A8966
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCD80: AcquireSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E61486BC), ref: 00007FF7E62FCD90
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCD80: ReleaseSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E61486BC), ref: 00007FF7E62FCDD0
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7E62AACAF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCriticalSectionTime$EnterFileLeaveReleaseSystem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 516957425-0
                                                                                                                                                                                                                                                                            • Opcode ID: 504f8d2c7ccc0fd1e804343f61dcfffb5a4e4b2fc537e7e5c6013b07d5375ecd
                                                                                                                                                                                                                                                                            • Instruction ID: 5dfa1ddff72b798ba69dcaf4b25b213b68d4e54a1f0000b2e0f42458bd795d43
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 504f8d2c7ccc0fd1e804343f61dcfffb5a4e4b2fc537e7e5c6013b07d5375ecd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3028472A2C6828BE744DB58EC402BBF7A0FB95354F84013AE78987795DBBCD505CB21
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$CallerCreateCriticalDirectoryEntryErrorFunctionHandleInitializeLastLibraryLoadLookupModuleSectionSystemUuid
                                                                                                                                                                                                                                                                            • String ID: 1412$6$:$CA55$MiniDumpWriteDump$MiniDumpWriteDump initialization failed, error code {}$RaiseException$dbghelp.dll$kernelbase.dll
                                                                                                                                                                                                                                                                            • API String ID: 3088041607-92576876
                                                                                                                                                                                                                                                                            • Opcode ID: b52c5dd3bf7697965bee94dc124aeefacfe1c2661f0359f507a9e087febcd401
                                                                                                                                                                                                                                                                            • Instruction ID: d827b911e5494eb948a0f9580fadb056e4f1feb10ec392700b7fcabb99c0ab03
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b52c5dd3bf7697965bee94dc124aeefacfe1c2661f0359f507a9e087febcd401
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CBA19F32E24B8586E704DB35E8403AEB3A0FBA5744F40923ADA4D13A65EF7CE5A4C711
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$Token$CurrentInformationOpenProcessThread$CloseHandle
                                                                                                                                                                                                                                                                            • String ID: Unable to open current thread token!$Unable to open default process token!$Unable to retrieve the size of user SID!$Unable to retrieve the user SID!
                                                                                                                                                                                                                                                                            • API String ID: 1997037448-745207089
                                                                                                                                                                                                                                                                            • Opcode ID: 10bb3bb01a4548750a569175906749bcbae5a52a15f9e9a32a1d1df18112fce2
                                                                                                                                                                                                                                                                            • Instruction ID: 22a75745746133a18e93453ae980a3ec89b1232a13f766f701cbd479dc7a8c53
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10bb3bb01a4548750a569175906749bcbae5a52a15f9e9a32a1d1df18112fce2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F715232A29B8382EA20AB11EC543EBB364FB95B40FC04037DA4D47A59DF3CD545CB62
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FilePathRemoveSpec__std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID: "$1412$?$CA55$CrashGuard initialized successfully, external debugger attached$CrashGuard initialized successfully, only internal dumping available$CrashGuardProcessWatcherExclusions$D$Failed to install crash hooks$avcfg://settings/CrashGuard/DumpFirstChance$avcfg://settings/CrashGuard/FullDumpFraction$python.exe;pythonw.exe;
                                                                                                                                                                                                                                                                            • API String ID: 962821443-372037041
                                                                                                                                                                                                                                                                            • Opcode ID: 64e8df9af79481fd303a7a542a8918dec5be682e1180c27b0b262b34a9669b79
                                                                                                                                                                                                                                                                            • Instruction ID: fa795fa0314fa62b91792b1dccb64f408ebd9760a2d82d485b11a486bf070a88
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64e8df9af79481fd303a7a542a8918dec5be682e1180c27b0b262b34a9669b79
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFD17C32A29B8685EA61EF15F8403EBB3A0FB95740F804137DA8D476A9DF3CD845CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DirectoryErrorLast$FolderPathSystemWindows
                                                                                                                                                                                                                                                                            • String ID: 3$3$@$AppData$Common AppData$Local AppData$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Unable to retrieve a path of the known folder ({})!
                                                                                                                                                                                                                                                                            • API String ID: 1744653567-820728636
                                                                                                                                                                                                                                                                            • Opcode ID: 5a486acad1ab10feb44143b3bc524ce9221f81e346ddb5d41f008a26ab41c2db
                                                                                                                                                                                                                                                                            • Instruction ID: 590d0e7718359b51d36dfa2d29946cec5e494440373bf5351d254febd49c4ab9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a486acad1ab10feb44143b3bc524ce9221f81e346ddb5d41f008a26ab41c2db
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDE17E3292CBC692E660EB10F8407EBE364FB94354F905132E6CD86A99DF7CD648CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseErrorLast$Time$FileSystem
                                                                                                                                                                                                                                                                            • String ID: CrashGuardUms$GlobalFlag$StackTraceDatabaseSizeInMB
                                                                                                                                                                                                                                                                            • API String ID: 108130482-4061403250
                                                                                                                                                                                                                                                                            • Opcode ID: 98fe8a8f69c3ffc0e9555ab4632c5d49169a4d14f2d59d6f3e03a2e97a4f7aa9
                                                                                                                                                                                                                                                                            • Instruction ID: b15aa90ed3d5ce9ba2e2a56d609918f963ab5700265aed22997f227e2e9f6e9e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98fe8a8f69c3ffc0e9555ab4632c5d49169a4d14f2d59d6f3e03a2e97a4f7aa9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91F1C522928BC589E771DF24EC903EAB3A4F795748F801136EB8D47A98DF78D644C711
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastThread$CurrentOpenToken$ImpersonateSelf
                                                                                                                                                                                                                                                                            • String ID: Unable to assign the process impersonation token to the thread!$Unable to obtain the thread access token!
                                                                                                                                                                                                                                                                            • API String ID: 98968010-1627354483
                                                                                                                                                                                                                                                                            • Opcode ID: 89b81d41f91d8fcaac0b3c6dd128e0c325d0ea1a2f66212f0c7e4c3b52ce73bc
                                                                                                                                                                                                                                                                            • Instruction ID: ae75681425a286a6563177a7802c6dc68706410f61b1803f606a5b74ef9f9617
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89b81d41f91d8fcaac0b3c6dd128e0c325d0ea1a2f66212f0c7e4c3b52ce73bc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E216D21A3864796EB20BB20EC583BBA364FF54B44FD04036D54D4A2A5EE3CE549C772
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateCurrentErrorFileHandleInitInstupLastProcess__std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID: ($C1C3$Cannot initialize Instup, return code {}$EBBE$M$X$avast! Self-Defense trust was not acquired. Code {}$avast! Self-Defense trust was successfully acquired.
                                                                                                                                                                                                                                                                            • API String ID: 2723934490-3732355058
                                                                                                                                                                                                                                                                            • Opcode ID: c6037d4925ecd4e7a6f77dd68092b729d10f10c479e78e2ee8ca5e9d42bec52d
                                                                                                                                                                                                                                                                            • Instruction ID: 1b484069f96e89ed94cdef66f6a86b02e6df732d661fec167e662393d18f9d21
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6037d4925ecd4e7a6f77dd68092b729d10f10c479e78e2ee8ca5e9d42bec52d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3618932A18B428AE751EF64EC403AEB3B4FB85754F904836DA0D97658EF7CD844CB61
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$RevertSelf
                                                                                                                                                                                                                                                                            • String ID: Unable to adjust token privilege '{}'!$Unable to lookup privilege '{}'!$Unable to remove the impersonation token from the thread!
                                                                                                                                                                                                                                                                            • API String ID: 680554984-1021965375
                                                                                                                                                                                                                                                                            • Opcode ID: 111284e2d089178176d565f854dc630c12fb5ce56d4440cafbf20d900c1c6164
                                                                                                                                                                                                                                                                            • Instruction ID: ceb32f120b29e714e591fa718fea1fb1564a0076faf8c8830559a822ef31538c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 111284e2d089178176d565f854dc630c12fb5ce56d4440cafbf20d900c1c6164
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B51B632A28B4295E710AB60EC543AFB3B4FB54B44F940037DA4D07A59DF3CE154C361
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileModule$AttributesErrorHandleLastName
                                                                                                                                                                                                                                                                            • String ID: 1412$CA55$G$Install failed: cannot get filename of current process due to error: {}$u
                                                                                                                                                                                                                                                                            • API String ID: 816269828-125834478
                                                                                                                                                                                                                                                                            • Opcode ID: 53efb0e849a2b9e317cfb669d24b13d86d1df96c8d3267ab5dba0cc383bbd2b9
                                                                                                                                                                                                                                                                            • Instruction ID: 94fee0d469615428d7b1389047c8a85f66a785458cdeb1182ce2f597a3d8935d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53efb0e849a2b9e317cfb669d24b13d86d1df96c8d3267ab5dba0cc383bbd2b9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53316176A1868186E721EF24F8413AFB3A0FB91B44F90053BD68D47698DF3CE445CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID: avcfg://settings/CrashGuard/DumpFirstChance$avcfg://settings/CrashGuard/FullDumpFraction$avdef://config/Common/DumpFirstChance$avdef://config/Common/FullDumpFraction
                                                                                                                                                                                                                                                                            • API String ID: 2453523683-773575770
                                                                                                                                                                                                                                                                            • Opcode ID: 6d084beda07203f2f2c48e0503de90092d9ee34cb0639d650b88c75af17e6980
                                                                                                                                                                                                                                                                            • Instruction ID: 30b3701c52f5b22377eaf7de7fb0fe7cd7c5468124c96adbf173e29c4a349814
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d084beda07203f2f2c48e0503de90092d9ee34cb0639d650b88c75af17e6980
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84415032E24B5695EB00EB61EC401EE7378FB95B48B804626EE4C23B59DF38D656C391
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CreateDirectory$AttributesFile
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2650082360-0
                                                                                                                                                                                                                                                                            • Opcode ID: b2509e1b89ee1c9a0de528c9843d414a1cc7525bf1f3e2ed96dda613d9510867
                                                                                                                                                                                                                                                                            • Instruction ID: a1a11f64851bffd0debae1061b548989d580c9431cc371fd9b962a059ed039bf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2509e1b89ee1c9a0de528c9843d414a1cc7525bf1f3e2ed96dda613d9510867
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8641D531E18A4281DB10AB25EC443BEA391EFD4F94FC45536D9AD476A8EF3CD4858712
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF7E61D9C8E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF7E61D9CA8
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF7E61D9D55
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FF810: RtlPcToFileHeader.NTDLL ref: 00007FF7E62FF860
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FF810: RaiseException.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF7E62FA8D6), ref: 00007FF7E62FF8A1
                                                                                                                                                                                                                                                                            • LockFileEx.KERNEL32 ref: 00007FF7E61D9DDC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00007FF7E61D9DEB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ErrorLast$CloseCreateExceptionHandleHeaderLockRaise
                                                                                                                                                                                                                                                                            • String ID: couldn't obtain exclusive file lock$couldn't open file
                                                                                                                                                                                                                                                                            • API String ID: 3557019546-1370462906
                                                                                                                                                                                                                                                                            • Opcode ID: 6ccdc2bd04a04dd58bbf314cd43a9362f74bd838179ecf472aefe5bef1a61c75
                                                                                                                                                                                                                                                                            • Instruction ID: 7f0831f609edd78d2a6b1644720d159a93871196484b852bec2bfc58ce2e9f79
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ccdc2bd04a04dd58bbf314cd43a9362f74bd838179ecf472aefe5bef1a61c75
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2861B232A28B4582E710EB14F8443AAB3A4FB847A4F904636EBAD477E4DF3CD545C721
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,00000000,00007FF7E63249A8,?,?,?,?,00007FF7E63202DD,?,?,?,?,00007FF7E62FA5C4), ref: 00007FF7E63241EF
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,00000000,00007FF7E63249A8,?,?,?,?,00007FF7E63202DD,?,?,?,?,00007FF7E62FA5C4), ref: 00007FF7E63241FB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                            • Opcode ID: 5d6153e544ae884e6be49f66bbf10d51b184a83c3381c89dbfd5eb331c8d0587
                                                                                                                                                                                                                                                                            • Instruction ID: 2435f1f71e6438a2b5b0b6668187e537c6da27f08288161c47441db085474914
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d6153e544ae884e6be49f66bbf10d51b184a83c3381c89dbfd5eb331c8d0587
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D41E761B29A0281EB12EB16EC14377A396BF64BD0F84413ADD1D87785DE3CF4958362
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Resource section is empty$StringFileInfo$There is no resource section in module$Unable to determine product identifier from resources!
                                                                                                                                                                                                                                                                            • API String ID: 0-3023212541
                                                                                                                                                                                                                                                                            • Opcode ID: 14529ded0de5446f4a179889d77de0ddcbae0ce5b9f8b4f9011b8a88c8c4cdfe
                                                                                                                                                                                                                                                                            • Instruction ID: d61b735fa548d0e57ab99eb0d546fc3377d270dce9355e7f1c870015e977ff96
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14529ded0de5446f4a179889d77de0ddcbae0ce5b9f8b4f9011b8a88c8c4cdfe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83A1FC32A24B9186D7109B18E8403AAB7A5FB61BB4F90C326DABD837E4DF7CD445C711
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                            • String ID: 1412$CA55$Process dumper doesn't exist in path '$kT
                                                                                                                                                                                                                                                                            • API String ID: 3188754299-3328827871
                                                                                                                                                                                                                                                                            • Opcode ID: c0cda4d957cd7329d79f5703b01630e7889787f5103509d9fd66568724971e4b
                                                                                                                                                                                                                                                                            • Instruction ID: 270b90287940c2d9a36d291b6044b45a38c1f20f3ce13fc02412744ed50784b9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0cda4d957cd7329d79f5703b01630e7889787f5103509d9fd66568724971e4b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97318E25E2864251EA21AB15F8403BFA360FF95790F901637EA5D476D9DF3CE4058B22
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CurrentOpenProcessThreadToken$CloseHandle
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2320986313-0
                                                                                                                                                                                                                                                                            • Opcode ID: c3e1d1c2dafc5f74914ba39f97b3b09bc139cfbc940a770d0b25d2f0f0e53b82
                                                                                                                                                                                                                                                                            • Instruction ID: 369e2badaf44b83cd0de347253c8b903d3cc299e67807c4bf19d64492a276747
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3e1d1c2dafc5f74914ba39f97b3b09bc139cfbc940a770d0b25d2f0f0e53b82
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6115B61A2968285FA70BB31EC243FBB3A4EF91B41F804036C94D46795DE3CE049C762
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __std_exception_copy$CloseErrorExceptionFileHeaderLastOpenQueryRaiseValue
                                                                                                                                                                                                                                                                            • String ID: Cannot query registry value
                                                                                                                                                                                                                                                                            • API String ID: 1628994363-1100310711
                                                                                                                                                                                                                                                                            • Opcode ID: 5c65834f60a1bb00686fb8e4e0ad4f4abcc4e7276de41601e50b06f43ae6a98c
                                                                                                                                                                                                                                                                            • Instruction ID: b30c17d23212fa70e6ea3a12be2962a7d935a52019fecc1eb358982ae7837964
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c65834f60a1bb00686fb8e4e0ad4f4abcc4e7276de41601e50b06f43ae6a98c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF517036A14B819AE710DF20E8802EE73B4FB58798F845136EB4D47B59EF38E5A4C750
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Create$CloseErrorLast
                                                                                                                                                                                                                                                                            • String ID: Cannot create registry key
                                                                                                                                                                                                                                                                            • API String ID: 3551974399-2366797263
                                                                                                                                                                                                                                                                            • Opcode ID: 3a9f815c0f5876e9efb3ac377ae917b0f9d39858e81cc8fdae0bd8d1dc40607e
                                                                                                                                                                                                                                                                            • Instruction ID: 00c7ab0b7ca62a6793aaf6d12f31511627e4796d0af66571240a92a399bd3ced
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a9f815c0f5876e9efb3ac377ae917b0f9d39858e81cc8fdae0bd8d1dc40607e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2414672A24B818AE720DF74E8902DE77B4F748B98F50013ADE895BB58CF38D595CB50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2067211477-0
                                                                                                                                                                                                                                                                            • Opcode ID: 86fde46315ec145f1fafc169df4172b4604b24502f2d42cb1b84a9dee100768e
                                                                                                                                                                                                                                                                            • Instruction ID: a96421da30549745ab7268bd8997e50c3bc77f7a1ab23ad6e5e937030ef77b63
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86fde46315ec145f1fafc169df4172b4604b24502f2d42cb1b84a9dee100768e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2621AA65A2974241EF14EF66AC1427BE3A0AFB4B80F84443BEE0D47786DE3CE4448762
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseErrorExceptionFileHeaderLastOpenQueryRaiseValue__std_exception_copy
                                                                                                                                                                                                                                                                            • String ID: Cannot query registry value
                                                                                                                                                                                                                                                                            • API String ID: 2471027143-1100310711
                                                                                                                                                                                                                                                                            • Opcode ID: c75accece9269899366793d363ca13b3e9150d1677fefa5b73dba4307ad6545e
                                                                                                                                                                                                                                                                            • Instruction ID: 75799cbe0ac2c4d72ca65eaa80fa9b50f29b08ca97c4499bb7b5d73c2ea2018b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c75accece9269899366793d363ca13b3e9150d1677fefa5b73dba4307ad6545e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51317E32B18A8189FB10EF64E8512EE73B4FB58798F845436EE8D43A59DF38E254C351
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D090: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7E61473C1,?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E629D0D1
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D090: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7E61473C1,?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E629D0EA
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D090: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7E61473C1,?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E629D147
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1B4
                                                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1D5
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7E629D1FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • asw::lifetime::impl::lifetime_creation_monitor_holder::set_created, xrefs: 00007FF7E629D220
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$ChangeCloseDeleteEnterEventFindInitializeLeaveNotification
                                                                                                                                                                                                                                                                            • String ID: asw::lifetime::impl::lifetime_creation_monitor_holder::set_created
                                                                                                                                                                                                                                                                            • API String ID: 2148637788-3605786268
                                                                                                                                                                                                                                                                            • Opcode ID: 4e29154e625a3efb19ea16a0ee78175490946f422caccf38375553f0e237be0c
                                                                                                                                                                                                                                                                            • Instruction ID: 70b7601867cb1e18967e3510364934131da28e41b30f36e484a3b15df9ab053d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e29154e625a3efb19ea16a0ee78175490946f422caccf38375553f0e237be0c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9321E232A28B4282EB01EF24ED5037AA3A4FF84B80F944533DA1D436A1DF7CE591C761
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E61473E0
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: LeaveCriticalSection.KERNEL32 ref: 00007FF7E6147421
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7E614E50D
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00007FF7E614E52F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1B4
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1D5
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: LeaveCriticalSection.KERNEL32 ref: 00007FF7E629D1FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait
                                                                                                                                                                                                                                                                            • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                            • API String ID: 2569023850-2706815617
                                                                                                                                                                                                                                                                            • Opcode ID: a77876330f7e82d7e4c82ee9c6569b5683f2d2d782ab92dcba9bd2bcad3c4860
                                                                                                                                                                                                                                                                            • Instruction ID: 0795416c41fcd0411f0c4e3fef8c0d6ab7e4c69f3e7e574f9d2af159e06d16ad
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a77876330f7e82d7e4c82ee9c6569b5683f2d2d782ab92dcba9bd2bcad3c4860
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1751A432B28B418AEB11EF20E8403EEB3A4FB54748F841536DA4D17B99EF38D565C361
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E61473E0
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: LeaveCriticalSection.KERNEL32 ref: 00007FF7E6147421
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7E614E34D
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00007FF7E614E36F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1B4
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1D5
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: LeaveCriticalSection.KERNEL32 ref: 00007FF7E629D1FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait
                                                                                                                                                                                                                                                                            • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                            • API String ID: 2569023850-2706815617
                                                                                                                                                                                                                                                                            • Opcode ID: 0defc62d9ec2d9878b644bd284ec3a50e6cec0d1999c3453fde8de350bc8deec
                                                                                                                                                                                                                                                                            • Instruction ID: 4480d02862f87957b2f63a6f3381c22c89604846ff76a11e0b9aeec247b616f4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0defc62d9ec2d9878b644bd284ec3a50e6cec0d1999c3453fde8de350bc8deec
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC519332A28B4189EB11EF20E8403EEB3A9FB54748F841536DA4D17B99DF38E565C361
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ControlCountDeviceTick
                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                            • API String ID: 2693983885-3081909835
                                                                                                                                                                                                                                                                            • Opcode ID: 9bf5e6904c2c17927c5e34c71df002658efa45478e14580719c3e12f49a9c689
                                                                                                                                                                                                                                                                            • Instruction ID: f559ee3394393af2a4cb6d824af1ac9b230db14b46688357cbae87b26c21c08c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bf5e6904c2c17927c5e34c71df002658efa45478e14580719c3e12f49a9c689
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD218132A18F84C2E7609F24F84436AB3A4FB89B98F505225DA9C07798DF38D495CB40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                            • Opcode ID: 14b343bba3e759a0b405607f243f3861f6fe699e4418d788d4a04240fec03d74
                                                                                                                                                                                                                                                                            • Instruction ID: ec11b7e3d2e26a9b584da6ebe37b260f7009a22770786a3691569d438f9ddeb7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14b343bba3e759a0b405607f243f3861f6fe699e4418d788d4a04240fec03d74
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11112E32628B4582EB219B15E84035AB7E5FB88B84F984236DF8D07768DF3CD5618B45
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Times$CountProcessSystemTick
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1969624557-0
                                                                                                                                                                                                                                                                            • Opcode ID: e5a8df25eb447f0897b7af9c56eb5d091a523079ee8049f9c4802534b2662b99
                                                                                                                                                                                                                                                                            • Instruction ID: e7aaa9503527859686e24fcf8702f61830ed53e13d412fe3b750089e19e22e0e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5a8df25eb447f0897b7af9c56eb5d091a523079ee8049f9c4802534b2662b99
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B212132528F85C2DB409F24E84029EB7B5F798B88F505126EF8D47729DF38E594C740
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                                            • String ID: Cannot open registry key
                                                                                                                                                                                                                                                                            • API String ID: 71445658-2132507311
                                                                                                                                                                                                                                                                            • Opcode ID: 6b1a80dc925dd75e92f34d0c4196cd048920ce2b6d49fe1ea4bcebaca512445f
                                                                                                                                                                                                                                                                            • Instruction ID: 0ea9d6d99ef50d753d5b73c8ffebe3f76e06aa49c9417d05467ee58fc928eebd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b1a80dc925dd75e92f34d0c4196cd048920ce2b6d49fe1ea4bcebaca512445f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE619B72B147818AEB209F25E8446EEBBA4FB48798F904036DF8D57B09EF78E151C710
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2453523683-0
                                                                                                                                                                                                                                                                            • Opcode ID: 67e2fab021266c9c77d075616b6545519a1305d6dd13717808bc519e3f3051b4
                                                                                                                                                                                                                                                                            • Instruction ID: ba66909914df47ab83c9929a36c41d9ac03f9dadd1f89dcf039e160063b7104a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67e2fab021266c9c77d075616b6545519a1305d6dd13717808bc519e3f3051b4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0418F32A28B4182EB11EB15E88436AB3A4FF44B90FA58137DA5D077A0EF3DD841C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentInfoNativeProcessSystem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3852810090-0
                                                                                                                                                                                                                                                                            • Opcode ID: 09c77ee01eb2b546073ee9c0064004b23e8d8111813079752c7fa078b26fe35a
                                                                                                                                                                                                                                                                            • Instruction ID: d50d34c5fc41258765c10023b81a4042c2b047dee9b970f444046a3ef5554748
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09c77ee01eb2b546073ee9c0064004b23e8d8111813079752c7fa078b26fe35a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D419372510B808AD750CF26E98075DB7FCFB64B88F14422ADB8847BA8DF38E565C350
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                            • Opcode ID: 68c330fe6670181e2a730212d2b734b7f1becf170376018d40afb2a0a558a6e8
                                                                                                                                                                                                                                                                            • Instruction ID: 8faeadac9774a6a9328949771fa5b85884ab41ffa7689ad169707886b718fe30
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68c330fe6670181e2a730212d2b734b7f1becf170376018d40afb2a0a558a6e8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53F04F22F1974181DB54DB16F99456E6760EB89BD4F591030EE5E03B5DEF38D4908B00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2453523683-0
                                                                                                                                                                                                                                                                            • Opcode ID: 20f493b9ae071d3f6d407ad5c6f31eedaaecc9cdf34c1cdb86c3f10cd0eae4ed
                                                                                                                                                                                                                                                                            • Instruction ID: 53617ae689e7fd62b45ae8358310d51a2fd0f5ee46b434bda18551ca78f3c318
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20f493b9ae071d3f6d407ad5c6f31eedaaecc9cdf34c1cdb86c3f10cd0eae4ed
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9918F32A24A45C5EB10EF26E8903AAB3A0FB98F88F948136DE4D47764DF3CD455C791
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                                            • Opcode ID: d09ca884dd5dda2c3ed9833b25182662381ffba5d249c1d763d207f0c79d1e95
                                                                                                                                                                                                                                                                            • Instruction ID: 45d9e65689a243c22241397467cfd248a1fadc5151509f17f0b17dcb8bd855a0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d09ca884dd5dda2c3ed9833b25182662381ffba5d249c1d763d207f0c79d1e95
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99515572E3C24286F765AF25AC0537BFA90AB15360FC0463BDA5D837D4CA3CE5508B21
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __std_exception_copy.LIBVCRUNTIME ref: 00007FF7E62A44E6
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FF810: RtlPcToFileHeader.NTDLL ref: 00007FF7E62FF860
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FF810: RaiseException.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF7E62FA8D6), ref: 00007FF7E62FF8A1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise__std_exception_copy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3973727643-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4f13111e9576ebb298db5b3a423682e425a5c878827390012b245d947a4b46de
                                                                                                                                                                                                                                                                            • Instruction ID: 330dce246f4bf68f04047b50b5ad739a0e8fcf1bad902c3520fb12f392cb7ed3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f13111e9576ebb298db5b3a423682e425a5c878827390012b245d947a4b46de
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE419572A18B4299EB10EF24E8812FEB374EB54748F805533EA4D07669FF78E295C351
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E61E6E20: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF7E614327D), ref: 00007FF7E61E6E76
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E61E6E20: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF7E614327D), ref: 00007FF7E61E6E8B
                                                                                                                                                                                                                                                                            • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7E6143287), ref: 00007FF7E62E4441
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProcSystemTimes
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 368006440-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,?,?,00007FFDFA1261C1,?,?,00000000,00007FFDFA11575F,?,?,?,00007FFDFA11A88F,?,?,?,00007FFDFA11A785), ref: 00007FFDFA11BE12
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,?,?,00007FF7E6326669,?,?,00000000,00007FF7E63210B7,?,?,?,00007FF7E6320BD7,?,?,?,00007FF7E6320ACD), ref: 00007FF7E632129A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2453523683-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Startup
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 724789610-0
                                                                                                                                                                                                                                                                            • Opcode ID: 422d762837b6e6d4f0e4c322e7caf4e30be4a76fde28382abea317ec21eb72b3
                                                                                                                                                                                                                                                                            • Instruction ID: b6315b1cfcda464ee988a20fc1eb38227135dd5d7599e8746c93f8c9b950e3c1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 422d762837b6e6d4f0e4c322e7caf4e30be4a76fde28382abea317ec21eb72b3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43E01271E2968281FA60B710EC653FBA360BB58744FC00437C54D56795DE3DE1198751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 49be80d1b7e653bb248e617c393a808bdabb4c37589edf4d45484fbecae9a8c8
                                                                                                                                                                                                                                                                            • Instruction ID: bfd546048719a2846bb47a97a42c5c5845f6d89e871da4cc853b0e0acd4e7ceb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49be80d1b7e653bb248e617c393a808bdabb4c37589edf4d45484fbecae9a8c8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41D0920AF9D64750FF6C26B16832DB905840F64779E1807B8A83D052DFAD1EA455A151
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32 ref: 00007FF7E614326B
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E61E6E20: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF7E614327D), ref: 00007FF7E61E6E76
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E61E6E20: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF7E614327D), ref: 00007FF7E61E6E8B
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62E4410: GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7E6143287), ref: 00007FF7E62E4441
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCriticalHandleInitializeModuleProcSectionSystemTimes
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1646434232-0
                                                                                                                                                                                                                                                                            • Opcode ID: 65821a5ab7219d1bf11f55eabfe9411a9e86aaad5877f87c77446249d3a5b555
                                                                                                                                                                                                                                                                            • Instruction ID: 9af5b21749a9adb7063f5808922e111be7a0b0e60f92bf83ab332d278c173d82
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65821a5ab7219d1bf11f55eabfe9411a9e86aaad5877f87c77446249d3a5b555
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EF0F451D3CA8781E601EF10ED512BAA360AFA6744FD29237D54D51162EF7CB3D89232
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Version$ClassCursorLoadObjectRegisterStock
                                                                                                                                                                                                                                                                            • String ID: (@$-HTMLAYOUT-POPUP$-HTMLAYOUT-TOOL$HTMLAYOUT$HTMLAYOUT-POPUP$HTMLAYOUT-TOOL$P
                                                                                                                                                                                                                                                                            • API String ID: 2620246556-1650735011
                                                                                                                                                                                                                                                                            • Opcode ID: 4bcf85258f5375545c7f721fa82571aa8ea3369c4c1f0ad3e1ac71c2c660e45d
                                                                                                                                                                                                                                                                            • Instruction ID: 015d25e39e6e0d4021777148b8e29552bf9974da1b48e5c4a4317af12e6a78d3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bcf85258f5375545c7f721fa82571aa8ea3369c4c1f0ad3e1ac71c2c660e45d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92121332F0D64686FB648F25E8A06B963E4FB9534CF101135E66E867ECDF6DE5808B01
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Version$ClassCursorLoadObjectRegisterStock
                                                                                                                                                                                                                                                                            • String ID: (@$-HTMLAYOUT-POPUP-W$-HTMLAYOUT-TOOL-W$HTMLAYOUT-POPUP-W$HTMLAYOUT-TOOL-W$HTMLAYOUT-W$P
                                                                                                                                                                                                                                                                            • API String ID: 2620246556-2858749733
                                                                                                                                                                                                                                                                            • Opcode ID: e1ff05cffae27ee595081eb6c19b275901260582f90e83d50f730d29e4cc16d0
                                                                                                                                                                                                                                                                            • Instruction ID: 2c374c0923b7f47279090ad531247db9c38f06ab2137e7c65f28e45874dc32fa
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1ff05cffae27ee595081eb6c19b275901260582f90e83d50f730d29e4cc16d0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17122232F0D64286F764CF25E8A067963A4FB6574CF102135E6AE866EDDF2DE5808B01
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$File$ExclusiveLock$AcquireInfoVersion$CloseCreateExceptionHandleHeaderQueryRaiseReleaseSizeValueWrite_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                            • String ID: 6$Cannot query a .sys file version from PPL process '{}'$GetFileVersionInfoSizeW$GetFileVersionInfoW$Unable to make a .sys copy$VerQueryValueW$VerQueryValueW signature is invalid$asw$set_file_content$set_file_content '{}'$set_file_content content is too large$tmp
                                                                                                                                                                                                                                                                            • API String ID: 3080410690-613824156
                                                                                                                                                                                                                                                                            • Opcode ID: ba03cb1dc33f8e5db91fef2197077b7a9b71303ec077511034661c6c5e82c544
                                                                                                                                                                                                                                                                            • Instruction ID: 90fcb7b77df5e4ce24c8fb3c84799c7578aa4c8848f971b19bbcc245b5ce7a99
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba03cb1dc33f8e5db91fef2197077b7a9b71303ec077511034661c6c5e82c544
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4029132A28B8291EA60EB14EC503EBE364FB95780FD05137D68D476A5EF3CE549C721
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ObjectPaint$Window$Select$Begin$LongStock$CreateMessageRectSectionSend$AlignClientClipCompatibleCriticalDeleteLayoutLeaveModeParentPointsRestoreSaveTextViewport
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 401802432-3916222277
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Long$Rect$Client$FillObjectParentStock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 116929244-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$AcquireCloseCurrentEnumErrorExclusiveFullHandleImageLastLockNameOpenProcessesQuery
                                                                                                                                                                                                                                                                            • String ID: ,$0398$0398$2$Cause: Process watcher, connected to previous dump$Connected process dump unsuccessful, error code {}$FA7D$FA7D$Unable to enumerate processes, error code {}$aswEngSrv.exe${}ToolsSvc.exe
                                                                                                                                                                                                                                                                            • API String ID: 3056747941-2539274476
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AsyncState$Timer$Kill$ClickDoubleTime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1542649206-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                            • String ID: asw::crashguard::ProcessWatcher::Singleton::v1
                                                                                                                                                                                                                                                                            • API String ID: 2061331858-1811440512
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                            • String ID: asw::settings::SettingsConfig::Lock
                                                                                                                                                                                                                                                                            • API String ID: 2061331858-4244600543
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCurrentProcessProcess32$Concurrency::cancel_current_taskCreateFirstHandleNextObjectSingleSnapshotToolhelp32Wait
                                                                                                                                                                                                                                                                            • String ID: list too long
                                                                                                                                                                                                                                                                            • API String ID: 1192480843-1124181908
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Global$Clipboard$AllocByteCharDataLockMultiUnlockWide$CloseOpen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2505041382-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4bf77bd10f3d03aeb6e0757a34b07a51781f6553b17533bad72f1d3484344723
                                                                                                                                                                                                                                                                            • Instruction ID: 506f2b16701a5e206c64902978eaa075366027b5655f1c6f872898b33b3af9d2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bf77bd10f3d03aeb6e0757a34b07a51781f6553b17533bad72f1d3484344723
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD418C66B0AB868AEB189F11E8645696361FF48BE4F054131DE9E077ACDF3CE451C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CreateLongObjectSelect$CompatibleDeleteRectSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3118830011-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6a59ebda5fe01758fd354a52befc936e97cfe885c6b360b7c0c5d45fa17f921b
                                                                                                                                                                                                                                                                            • Instruction ID: 2408359b07c0ad855fe815933fc11a0a89c5a7683985c9cedaeee8ffe65bb313
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a59ebda5fe01758fd354a52befc936e97cfe885c6b360b7c0c5d45fa17f921b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7C16C36B09B858AEB14CF65E894AED73A0FB89B48F504136DA5D53BADCF38D145CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9603bfcd7ec9ab17c348f56aca8f175d4cb2340f22ca4ef12617b67ba2aea569
                                                                                                                                                                                                                                                                            • Instruction ID: cce6df5c8c53383f59acb2ce3204a5b5620c11c28b8f28ec48d8ae181fe9d605
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9603bfcd7ec9ab17c348f56aca8f175d4cb2340f22ca4ef12617b67ba2aea569
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92317133B18B8296DB64CF25E8507AE73A4FB88758F550175EAAD43B98EF3CC1558B00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                            • Opcode ID: 827e7a59774805095390571979b04982cbed8b3d41abc9785a87729e00d2c2aa
                                                                                                                                                                                                                                                                            • Instruction ID: 80728eb8ff995849734621bbb2da9c9b55659111f348f156418726dd1f7c25bb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 827e7a59774805095390571979b04982cbed8b3d41abc9785a87729e00d2c2aa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80318172628B8186EB609F24EC403EEB3A4FB98794F90013AEA9D43B95DF3CC555C711
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$FromPoint
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2501751775-0
                                                                                                                                                                                                                                                                            • Opcode ID: fe73b1b185ceb9d26b7f7146317ba9fc52fb26274534e5e78b324e57979880ae
                                                                                                                                                                                                                                                                            • Instruction ID: 3c6360a318f676e8ef54dfea820052ab59ca239bde99587029a82a0bb6211f28
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe73b1b185ceb9d26b7f7146317ba9fc52fb26274534e5e78b324e57979880ae
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A516B77F0AA0186EB54CF25D8A467A63A0FB88B8DF558131DE5E433ACDF3DD4418A41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1502251526-3916222277
                                                                                                                                                                                                                                                                            • Opcode ID: 3cfb5c3b9e944fc4b0e5d5a68e91cfb76fa6e5b1e78fcb6c67f41162daa79726
                                                                                                                                                                                                                                                                            • Instruction ID: 14c08455f00b833adcfc8f56e5df686819b20e5c9740f5cebf27a544aaf412ca
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3cfb5c3b9e944fc4b0e5d5a68e91cfb76fa6e5b1e78fcb6c67f41162daa79726
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56C1E477B1929687D728CF19E054A6AB791FB98788F49C135DB5A47B88DB3CE801CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$LongScroll
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3844982632-0
                                                                                                                                                                                                                                                                            • Opcode ID: d31731f29c5127f6e3699dc7a30ec3bab05aebb65d4eb8f018d363d00b3283eb
                                                                                                                                                                                                                                                                            • Instruction ID: de5cf220eb32b1ca0d3b7a5f49a1b492448d651d92e182d5a55295e5f683a375
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d31731f29c5127f6e3699dc7a30ec3bab05aebb65d4eb8f018d363d00b3283eb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14714936F05A5589EB04CF66E9A09AC37A5FB89F98F058136DE6E077A8DF38D045C301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalInfoLeaveLocaleSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1229108425-0
                                                                                                                                                                                                                                                                            • Opcode ID: b38bc3e53c943742c51471315cb5abe0a8cbba3f87fa76cacc0217c14aad936a
                                                                                                                                                                                                                                                                            • Instruction ID: 083cf12400f99e96a0de1992a7b668cf21539de2512e3c4e885c6ef774bd65e1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b38bc3e53c943742c51471315cb5abe0a8cbba3f87fa76cacc0217c14aad936a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D019663F056458AEB0ADF25E8606A86360FF48FA9F014032DE1E437A8CF3DD586C301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6322B20: GetLastError.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B2F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6322B20: FlsGetValue.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B44
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6322B20: SetLastError.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322BCF
                                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7E632A587,?,00000000,00000092,?,?,00000000,?,00007FF7E631D929), ref: 00007FF7E6329E36
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3029459697-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2c6df20342e7f3386ad592c6bd6ffc4bdd5777819af3c877c7b190922ff68aa2
                                                                                                                                                                                                                                                                            • Instruction ID: cc6e883232b6f9ff5e85b8370b3098732d2e3c2ed019c03bc7a4f82c5e1c032a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c6df20342e7f3386ad592c6bd6ffc4bdd5777819af3c877c7b190922ff68aa2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63112773E28601CAEB10AF16D8403BEB7A2FB60F90F84513AC629473C0CA38D5D1C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6322B20: GetLastError.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B2F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6322B20: FlsGetValue.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B44
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6322B20: SetLastError.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322BCF
                                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7E632A543,?,00000000,00000092,?,?,00000000,?,00007FF7E631D929), ref: 00007FF7E6329EE6
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3029459697-0
                                                                                                                                                                                                                                                                            • Opcode ID: d8a63af4ad55f59f56d80c3fe3b0a48d690781a38be5b4655b9b69018cf965ab
                                                                                                                                                                                                                                                                            • Instruction ID: 5138746fe5f4b98ce985210fab7932b53ac67d22abc2d730523e234e5e10dfa1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8a63af4ad55f59f56d80c3fe3b0a48d690781a38be5b4655b9b69018cf965ab
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F601B972E2824186E7106F16E8407BAB6A3FB607A4F85963BD668472D4CF7C9481C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7E632449F,?,?,?,?,?,?,?,?,00000000,00007FF7E63293D8), ref: 00007FF7E6324043
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2099609381-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0379ef0ea1ff27b7d86364cff64a140eb1c9dea562b3dcdf877bc6422e7df32f
                                                                                                                                                                                                                                                                            • Instruction ID: 83da0606c699e1d89bddc080d06d68703e5af5897422e66d4d5a22081421eb8d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0379ef0ea1ff27b7d86364cff64a140eb1c9dea562b3dcdf877bc6422e7df32f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CCF081B1B24B4183E704EB15FC402AAB3A2FBA9B80F84513ADA0D83764CF3CD555C351
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$Version$LibraryLoad
                                                                                                                                                                                                                                                                            • String ID: A$CloseThemeData$DrawThemeBackground$DrawThemeText$GetThemeBackgroundContentRect$GetThemeInt$GetThemePartSize$IsThemeBackgroundPartiallyTransparent$OpenThemeData$SetWindowTheme$UXTHEME.DLL
                                                                                                                                                                                                                                                                            • API String ID: 29192645-1228588308
                                                                                                                                                                                                                                                                            • Opcode ID: d1b90b9494a495b6d96edd82e2ba10971f795cb03655433f9aac1ab95a5401bf
                                                                                                                                                                                                                                                                            • Instruction ID: 4b67ddd450d4e7a9f1013fc779ce5742a75c17b7c26bb4ab8fe8d3fa39cd162d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1b90b9494a495b6d96edd82e2ba10971f795cb03655433f9aac1ab95a5401bf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BA18C25F0D64392FB659F10E8B4B792394FB85348F5211B6D86E822ECDF3EE1849702
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CriticalSection$Rect$EnterLeaveLong$ClassClientCursorLoadObjectRegisterStockVersion$AdjustCreateDesktopParentText
                                                                                                                                                                                                                                                                            • String ID: title
                                                                                                                                                                                                                                                                            • API String ID: 2376530372-724990059
                                                                                                                                                                                                                                                                            • Opcode ID: 018a44ae7102a756e5555ea748817041c10e1545ada4e5ec59b6d623e8bdab64
                                                                                                                                                                                                                                                                            • Instruction ID: bfde79c0c97a0bc7b31cbb830f8e8ba7c4d7955cc44a102c5f985f3d87d1bfb2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 018a44ae7102a756e5555ea748817041c10e1545ada4e5ec59b6d623e8bdab64
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CDF18E32F196068AEB18DF65E8A09AD73A1FB48B88B404535DE6E53B9CDF3DE504C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$ErrorLast$ClassCriticalFreeSection$AllocDeleteHandleInfoInitializeModuleRegisterSleep
                                                                                                                                                                                                                                                                            • String ID: P${9C7565A2-47C2-4869-B388-8C7F9AD8E577}
                                                                                                                                                                                                                                                                            • API String ID: 1585186069-2048047006
                                                                                                                                                                                                                                                                            • Opcode ID: 379b04202f1cca844d3929abf66db98624407cbbbde78b2370e08e8c2e7dd8c2
                                                                                                                                                                                                                                                                            • Instruction ID: 53117091b874778ab50e759e55a0ea3d21988e9ce3a5b3dbeab464d1f891a2b9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 379b04202f1cca844d3929abf66db98624407cbbbde78b2370e08e8c2e7dd8c2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20718121A28B4282E650BB61EC443BBA3A4FF98F94F80003BDA4D46764DF7CE544C762
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Rect$Window$MetricsSystem$InflateLong$Offset$ClassClipCombineCreateDeleteExcludeFillIndirectObjectProcRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 273201684-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7dcb4a5c0edf8d6c0c8212128ece4bad30eac2d425a56e6f38ad513122417302
                                                                                                                                                                                                                                                                            • Instruction ID: 50a40d647f0900efc68651ffbef356ba8618e936ebcfb58aaa6d7f7f829885a6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7dcb4a5c0edf8d6c0c8212128ece4bad30eac2d425a56e6f38ad513122417302
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1618676F14A459AFB14DB62E868AA937A0FB49B98F401531CD2E5779CDF3CD085C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$Delete$ReleaseRestoreStock$AlignRectScrollTextValidate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3282784917-0
                                                                                                                                                                                                                                                                            • Opcode ID: 35811859055a911cac63c8ac71128aba253671cdea1070ce496615ef7750ea00
                                                                                                                                                                                                                                                                            • Instruction ID: 30e9a32a4ecd0b834a4efd17667d6ca76674d573230f247545e550dded4cab25
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35811859055a911cac63c8ac71128aba253671cdea1070ce496615ef7750ea00
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A324D37F15A818AEB14CF65D8906AD77B1FB88B88F148125DA6E07BACCF39D544CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$ClassCreateCursorLoadLongObjectRegisterStockUpdateVersion$AllocClientCurrentHookRectShowThreadUnicodeValueWindows
                                                                                                                                                                                                                                                                            • String ID: -HTMLAYOUT-POPUP$-HTMLAYOUT-POPUP-W$HTMLAYOUT-POPUP$HTMLAYOUT-POPUP-W$RUNTIME ERROR: unable to create popup window.
                                                                                                                                                                                                                                                                            • API String ID: 4161899599-509921070
                                                                                                                                                                                                                                                                            • Opcode ID: 43d786ee69e2e11d093280ef3f9b7cfe77da5a5a22630fa5a84f811fb2368c90
                                                                                                                                                                                                                                                                            • Instruction ID: a7e7a9f27297ebfe0d48385955dea7e71f7d1d2e67028435bd6d3338aa8b8c6e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43d786ee69e2e11d093280ef3f9b7cfe77da5a5a22630fa5a84f811fb2368c90
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C761A233B18B4A86E714DF25F860A6977A4FB85B94F005135EAAE43BA8DF3CD444CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Color$Object$BrushText$CreateDeleteSelect$BitmapPattern
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 800347078-0
                                                                                                                                                                                                                                                                            • Opcode ID: b84ab2b38b4368bf2e2671a82ed6620176b486d3b19abfdc2170cf987e279093
                                                                                                                                                                                                                                                                            • Instruction ID: 544672bb4ee5300be08b39fddfd1b960431d6fcfcef2184ca0c45c3efa840e6e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b84ab2b38b4368bf2e2671a82ed6620176b486d3b19abfdc2170cf987e279093
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B513836B04A958AD704CF22E8ACD2A77A4FB89BD4B568035DE5E43758DF3DD485CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ObjectViewport$CompatibleCreateModeSelectWindow$BeginBitmapClientPaintRectStock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3586948744-0
                                                                                                                                                                                                                                                                            • Opcode ID: 395c0d5d5c264ae5d11bcc9ce1fb231b35f6cac10f5ffe085525c990ee6a8496
                                                                                                                                                                                                                                                                            • Instruction ID: 6552ebc4dc2148457353b0b7815ec5e0f1ac2d808f7a808f96c4ad07b502a0d1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 395c0d5d5c264ae5d11bcc9ce1fb231b35f6cac10f5ffe085525c990ee6a8496
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8513736B04A458AEB54CF35E864A6973A4FB88F98F448235CE9D4776CDF38E484CB40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$CriticalSection$AllocFree$ClassDeleteEnterErrorInitializeLast_invalid_parameter_noinfo_noreturn$HandleInfoLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                            • String ID: asw::settings::SettingsConfig::Lock$asw::settings::SettingsConfig::ProductPluginLoadFn$asw::settings::SettingsConfig::ProductPluginUnloadFn
                                                                                                                                                                                                                                                                            • API String ID: 3963010532-3014327910
                                                                                                                                                                                                                                                                            • Opcode ID: 350b84d9224f917fe46e02ea7519308f0f573497958ddf0f10c208fc35719ed4
                                                                                                                                                                                                                                                                            • Instruction ID: 2576976fa55edb22c02227e5d5a0a74091c11555d26cef5bc9a742fab39d6af9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 350b84d9224f917fe46e02ea7519308f0f573497958ddf0f10c208fc35719ed4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09C1AC32A29B4285EA51EF15FC4436EB3A4FB58B80F908136DA8D47B65EF3CE491C311
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendViewport$ClipLayoutLongParentPointsRectRestoreSave
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1374418031-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8feb470ddaf31239c70104988785c159dde7981b8ccd4a021e7ed8e0ad66822b
                                                                                                                                                                                                                                                                            • Instruction ID: 1a18f29d29fc70cd598ac526321940b28a137f4384bb53bcdcf208f6ecd932c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8feb470ddaf31239c70104988785c159dde7981b8ccd4a021e7ed8e0ad66822b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FB316332B086458BEB24DF25F864A6A7761FB89B94F444230DE9E03B5CCF3CD5458B00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Cursor$Load
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1675784387-3916222277
                                                                                                                                                                                                                                                                            • Opcode ID: c07dd71851a95b003605c5021686e0452f42416c29dcbcaf094368acbd215302
                                                                                                                                                                                                                                                                            • Instruction ID: a7f98feed483514108d8a634672f7757a979aac38772138db9be50a98765eba6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c07dd71851a95b003605c5021686e0452f42416c29dcbcaf094368acbd215302
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EA1A331F0E6438AFBA8CF50D8F0A7923A9AF54758F115175C92E826ECEE2DE5849341
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CriticalSection$EnterLeaveLong$ClientCreateDialogRect
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 795340837-0
                                                                                                                                                                                                                                                                            • Opcode ID: a0313c62a5e7160e3436fd1c23a67822178ac3cbfb9bff9feb0a84e5b7beacae
                                                                                                                                                                                                                                                                            • Instruction ID: 6df87f8f384305f5833e68f64f508add245d1c369ffd829c33cc65a62062962d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0313c62a5e7160e3436fd1c23a67822178ac3cbfb9bff9feb0a84e5b7beacae
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E461C022F19B4686EB18CF16A8A4A7973A1FF88B84F554035DA6E437DDDF3DE4018701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B2F
                                                                                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B44
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B65
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322B92
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322BA3
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322BB4
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322BCF
                                                                                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322C05
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322C24
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E63210F0: HeapAlloc.KERNEL32(?,?,00000000,00007FF7E6322CFA,?,?,7FFFFFFFFFFFFFFF,00007FF7E6312289,?,?,?,?,00007FF7E6321254), ref: 00007FF7E6321145
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322C4C
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6321220: HeapFree.KERNEL32 ref: 00007FF7E6321236
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6321220: GetLastError.KERNEL32 ref: 00007FF7E6321240
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322C5D
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7E6311B3B,?,?,?,00007FF7E6323EED), ref: 00007FF7E6322C6E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 570795689-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3d7eaaf67ed19c944edabe8e0dcd489f3af8a0447623fcd7bfec97d79bc180fe
                                                                                                                                                                                                                                                                            • Instruction ID: 26b4b4f34e3ebb1c23d76a675a6ad9e16afc209f9de7b722a8bdf6dfa27637d6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d7eaaf67ed19c944edabe8e0dcd489f3af8a0447623fcd7bfec97d79bc180fe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1415B50E2864341FA697B21AD1137BD1838F657B0FC8873EE93D0A6D6DE3CB84042B2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateEqualErrorInitializeLast
                                                                                                                                                                                                                                                                            • String ID: AllocateAndInitializeSid
                                                                                                                                                                                                                                                                            • API String ID: 1751546778-3342039254
                                                                                                                                                                                                                                                                            • Opcode ID: 1c89ddf425d2d028361356093f948675dee4d3264adf84743e5bf2ba37bb02bd
                                                                                                                                                                                                                                                                            • Instruction ID: 7e58e3da733f0f2710bf9063446e1b41f0d7d874423f33d74a831fabe754d4f0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c89ddf425d2d028361356093f948675dee4d3264adf84743e5bf2ba37bb02bd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4B14272A24B418AEB20DF29EC903DA77A4FB94B84F904137EA4D87B68DF38D544C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                            • String ID: \\.\ASWSP_Open$\\.\AVGSP_Open$\\.\AVRSP_Open$\\.\NLLSP_Open$mtps
                                                                                                                                                                                                                                                                            • API String ID: 1177325624-1521275592
                                                                                                                                                                                                                                                                            • Opcode ID: 13bac28d6854c21b6595c63f76c6bba8fb156956d2247a194ec2b0757dc17a10
                                                                                                                                                                                                                                                                            • Instruction ID: ed6fc3f0d96d13a909f444f3a776c23a99fae132c26eb4363ebd284df1005920
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13bac28d6854c21b6595c63f76c6bba8fb156956d2247a194ec2b0757dc17a10
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5513B3651C7828AE3609B10F84836BF7A4F7857B0F90063AE69D42BA8DFBDD044DB11
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$CapsDeviceReleaseSelect$EnumFamiliesFontMetricsText
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4007977802-0
                                                                                                                                                                                                                                                                            • Opcode ID: ffb9d3f4ca10275a5d686bcca3d82fc54a42b2e8884e3f34bc4de34b661fa361
                                                                                                                                                                                                                                                                            • Instruction ID: 3750c55257e22ce9768f51c36bbe9b6d9274674664a00a8e64d1541acc8353fe
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffb9d3f4ca10275a5d686bcca3d82fc54a42b2e8884e3f34bc4de34b661fa361
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0691F222F0A6828AEB14DF11A8A4A7977A1FB48B88F464135DE6E477DCDF3DD440C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ByteCharCloseHandleMultiViewWide$FlushPointerUnmap
                                                                                                                                                                                                                                                                            • String ID: Could not flush memory to disk.
                                                                                                                                                                                                                                                                            • API String ID: 3763602750-1683962931
                                                                                                                                                                                                                                                                            • Opcode ID: e1453ade5c2641b24102dc59557292cb11bfe8e35f22fc0ec8adb97e8a90cd17
                                                                                                                                                                                                                                                                            • Instruction ID: 96b1b69ded2a46c39ab1b7468cdbf0dcd06ec621b01bcca13632efcf1e21f3fc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1453ade5c2641b24102dc59557292cb11bfe8e35f22fc0ec8adb97e8a90cd17
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21815E22F15A4285FB14CF61E8A0AA967A4BF48BA8F095135DE6E177EDDF3CE445C300
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                            • String ID: bad locale name$false$true
                                                                                                                                                                                                                                                                            • API String ID: 4121308752-1062449267
                                                                                                                                                                                                                                                                            • Opcode ID: 7038a5e46a8b663f72cc9c16ee54f523151877c96366e3035f776740540c16ad
                                                                                                                                                                                                                                                                            • Instruction ID: dbd3b6404168260aa21729de82d2c99d8b5754e2b4ebbebbb46ff7c5bb94a622
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7038a5e46a8b663f72cc9c16ee54f523151877c96366e3035f776740540c16ad
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6461B132A297418AE751EF64E8503AEB3B5EF94744F48013ADE8C23A9ADF38E451C355
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Create$LongUnicode
                                                                                                                                                                                                                                                                            • String ID: -HTMLAYOUT-TOOL$-HTMLAYOUT-TOOL-W$HTMLAYOUT-TOOL$HTMLAYOUT-TOOL-W$RUNTIME ERROR: unable to create popup window.
                                                                                                                                                                                                                                                                            • API String ID: 3856304439-2965759816
                                                                                                                                                                                                                                                                            • Opcode ID: e3a27a502394ab8a0fec9cc4b90a3749568c97236f799dc748e0de72fd98ec6e
                                                                                                                                                                                                                                                                            • Instruction ID: 3b3a5da878c3756c3887e00382fee0298ff97a5979413598a198d12eb22bc955
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3a27a502394ab8a0fec9cc4b90a3749568c97236f799dc748e0de72fd98ec6e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07517432B09645C6E718CF25E860A7837A1FB44BA9F554235EA6E037E8DF3DD881CB01
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                                                                                                                            • String ID: GetModuleHandleW ({})$GetProcAddress ({})$NtQueryInformationProcess$Unable to retrieve basic process information!$ntdll
                                                                                                                                                                                                                                                                            • API String ID: 1762409328-3868107524
                                                                                                                                                                                                                                                                            • Opcode ID: 7275592e3d1e78306718388a586dfad0c7ef8bed03c10d6d026e0b0caff77acd
                                                                                                                                                                                                                                                                            • Instruction ID: 6c1b4ec2fd60bdffb28f350ea48ddef7e31245a5075cbdb375d88259124825cd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7275592e3d1e78306718388a586dfad0c7ef8bed03c10d6d026e0b0caff77acd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 42414D61A28B4681EA60EB10FC547ABF3A4FF94744FD04037E58D46669EF3CE148C761
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$DeleteSelect$PaintViewportWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 644032327-3916222277
                                                                                                                                                                                                                                                                            • Opcode ID: d6959a74546adbf7c3c2dbdda886a1304d129828dbe93b65badcbaf83d8fd773
                                                                                                                                                                                                                                                                            • Instruction ID: c9302c9c1616c8ae2af40d51f7ad063ff4c4eb407883351636698cdb83c2f8e1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6959a74546adbf7c3c2dbdda886a1304d129828dbe93b65badcbaf83d8fd773
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E21F876B14A458ADB54DF35E4A4A297760FB88F98F448135DE9D43B6CCF38D485CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CtrlMessageSend$ParentWindow$Rect
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3091584759-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5f5ca5fe3523f18062e6f2a93de6c3db7de9c8be5b09f51dedead622610958fa
                                                                                                                                                                                                                                                                            • Instruction ID: 144cccf3d277023b5774a1dfbfb612ea6b7c7fe73ecfcd171698dca439a4bd76
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f5ca5fe3523f18062e6f2a93de6c3db7de9c8be5b09f51dedead622610958fa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39914B32B09A458AEB18CF21D960AAD33A0FB49B98F004436DE6E577ACCF3DE555C741
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDFA03BA7C: CreateFileW.KERNEL32 ref: 00007FFDFA03BAD0
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDFA03BA7C: GetFileSize.KERNEL32 ref: 00007FFDFA03BAE4
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDFA03BA7C: CreateFileMappingA.KERNEL32 ref: 00007FFDFA03BB21
                                                                                                                                                                                                                                                                            • FlushViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF9EF6B4B
                                                                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF9EF6B64
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF9EF6B72
                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF9EF6B94
                                                                                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF9EF6B9D
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF9EF6BA6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleView$FlushMappingPointerSizeUnmap
                                                                                                                                                                                                                                                                            • String ID: Could not flush memory to disk.$file://%s
                                                                                                                                                                                                                                                                            • API String ID: 409709207-3906887048
                                                                                                                                                                                                                                                                            • Opcode ID: 0aa6a19ba304f1296970b8ac80788be4c3d4e10c03559670a150c78ed8812ac7
                                                                                                                                                                                                                                                                            • Instruction ID: df1f29da3d4ec350f308f0c30593adc15db5e866b100896698870220a2457f4f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0aa6a19ba304f1296970b8ac80788be4c3d4e10c03559670a150c78ed8812ac7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED919222F19A468AFB14DF61E9A05FC2375AB44BACF404232DE2E17ADDDF39E4558340
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$AddressCompatibleCreateDeleteLibraryLoadProc
                                                                                                                                                                                                                                                                            • String ID: AlphaBlend$Msimg32.dll
                                                                                                                                                                                                                                                                            • API String ID: 1553575486-1584225664
                                                                                                                                                                                                                                                                            • Opcode ID: 8667c589a7afcb15f25208498ab3cf2e046de6812832ad5e469a0cdaecaae4c7
                                                                                                                                                                                                                                                                            • Instruction ID: 5c589314dadb6dec7ed7431911875b2c573bd32196a50e061ac7730af9f83aa7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8667c589a7afcb15f25208498ab3cf2e046de6812832ad5e469a0cdaecaae4c7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DA17E33B097958AE714CF29E854AAD77A4FB88B84F154026DE5E53BACCF38E445CB40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CurrentFileMappedNameProcess
                                                                                                                                                                                                                                                                            • String ID: Unable to get the path of the module!$Unable to retrieve the path of the module!$Unable to store the path of the module!
                                                                                                                                                                                                                                                                            • API String ID: 1207367512-2385983247
                                                                                                                                                                                                                                                                            • Opcode ID: 0d9f27b200586d2be856b1df89d4843ffc8f5a393081953dc0bb690f18de53bc
                                                                                                                                                                                                                                                                            • Instruction ID: d447bcc68f9d5341467c24c3ebbf9f0540c6aa78048c0ec1ab91de57a6c0b25d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d9f27b200586d2be856b1df89d4843ffc8f5a393081953dc0bb690f18de53bc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E61C432A2CAC281E660EB10E8503EFE360FBA8784F805136D6CC47A59DF7CE585CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$FocusRectShow$LongMoveParent
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4135828658-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6bdd4bf070169ead557975b1c267524dc81210e25fcec65cc28e58d2e432384c
                                                                                                                                                                                                                                                                            • Instruction ID: 209b3cdfc0ad27f0a63aff057f2e7b3ea02f99470c706974639074632ef08167
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bdd4bf070169ead557975b1c267524dc81210e25fcec65cc28e58d2e432384c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6417132B186418BD764CF65F964A2977A1FB45784F118175DABE03B9CCF3EE8458B00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$DeleteRectSelectStock$ClipIntersectSaveVisible
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1353815414-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4397cd986a8753699676aedc5ef3d4b893058a32d08c8423cf1aa7fc0bd12b46
                                                                                                                                                                                                                                                                            • Instruction ID: 3a708021bae6b5253a05fa35d72520cf81c0739b81d99627a2e87407b76978a9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4397cd986a8753699676aedc5ef3d4b893058a32d08c8423cf1aa7fc0bd12b46
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92310B36B09A858BDB54DF15F5A4529B7B0FB88B94F404025EF9E83B58DF3CE4918B00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$SelectStock$AlignModeText
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 120275662-0
                                                                                                                                                                                                                                                                            • Opcode ID: 20d4aa56110a090100b6536145906f7eae33c8c6d8754a5993a9cfad8f89b3fb
                                                                                                                                                                                                                                                                            • Instruction ID: 6c0b1bbd4ad127afc0f06eb0fd9f73ec6777a50a4b1f62f756fa4196eb7e60d2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20d4aa56110a090100b6536145906f7eae33c8c6d8754a5993a9cfad8f89b3fb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A821E736A09B4586EB48DF21E46462977B4FB88F58F058075CE5E473A8DF3DD884C741
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                            • String ID: 0$f$p$p
                                                                                                                                                                                                                                                                            • API String ID: 3215553584-1202675169
                                                                                                                                                                                                                                                                            • Opcode ID: eccfc20f056644323496d94e0c606795d562fcc8b03659951e14f07dad6b3ffc
                                                                                                                                                                                                                                                                            • Instruction ID: 489d959d800b8b027a3bf1a4fa866b10f3b464390516877850b91a7998a29bc9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eccfc20f056644323496d94e0c606795d562fcc8b03659951e14f07dad6b3ffc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A12A1A1E2814386FB347A15D8443BBF691EB60754FC4813BEA99476C8DF3CE5C09B26
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                            • String ID: bad locale name$false$true
                                                                                                                                                                                                                                                                            • API String ID: 3230409043-1062449267
                                                                                                                                                                                                                                                                            • Opcode ID: 83b6fbb91580c4a65f390deaad21a8ad88b05065a89ba7b650b01aa34ad6f2b5
                                                                                                                                                                                                                                                                            • Instruction ID: 350608983c93a5c9ab9899e7eedf93c2d93a07537ff16153c233938646c437e5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83b6fbb91580c4a65f390deaad21a8ad88b05065a89ba7b650b01aa34ad6f2b5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8819632A19B8185E711EF30E8403EEB7A4FF94744F54413AEA8D17A5ADF38D590C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$CloseHandleView$FlushPointerUnmap
                                                                                                                                                                                                                                                                            • String ID: Could not flush memory to disk.
                                                                                                                                                                                                                                                                            • API String ID: 519454899-1683962931
                                                                                                                                                                                                                                                                            • Opcode ID: ec4e2684c4bb911e20722ca3fd1a75787e63573ec4145c91333ce21edfeb93cb
                                                                                                                                                                                                                                                                            • Instruction ID: 3fb1de35b3fc60b25496a8a6e4ed2290996d051f17bd640340debcce53bff541
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec4e2684c4bb911e20722ca3fd1a75787e63573ec4145c91333ce21edfeb93cb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9210762B18A4686EB388F20E4B5B3822A0EF45B5CF154275C96D4A0DCDF7CD8D5C340
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                            • String ID: f$p$p
                                                                                                                                                                                                                                                                            • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                                                                            • Opcode ID: 80d8a9cba0b2958c1a2a082f2cb42fc497e904ebda20bc47e48a5768b67501fb
                                                                                                                                                                                                                                                                            • Instruction ID: 0c23777adf4915bff256f655ff1aa139833864f3cdcc7e32765b7d0ef662cbcd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80d8a9cba0b2958c1a2a082f2cb42fc497e904ebda20bc47e48a5768b67501fb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA12B661A2C14385FBA4BF15E84437BF6D1EB6075AFC4413BD6CA466C8DE3DE4488B22
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3346625119-0
                                                                                                                                                                                                                                                                            • Opcode ID: 66e791ad7f2512c0bed776c04b19c3ea74b6e2c1127849c8b800c78c837d904f
                                                                                                                                                                                                                                                                            • Instruction ID: 8b97c5951703571879e34a4ab775f1ca7bdfdc40afeee8785728b22bb670730c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66e791ad7f2512c0bed776c04b19c3ea74b6e2c1127849c8b800c78c837d904f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AA14C33F19B818AE754CF65E89066DB7A1FB88798F005125EA9E13BACDF78D445CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$DeleteStock$AlignText$CompatibleCreateModeRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3369458553-0
                                                                                                                                                                                                                                                                            • Opcode ID: a891d7145882e6ad57906125c3e28888611580f8e5322457f2f133010296040e
                                                                                                                                                                                                                                                                            • Instruction ID: 74881d9ee19861948d1dfde2a4b2d7fb23686fd3a6fb71dcedd86b878598573c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a891d7145882e6ad57906125c3e28888611580f8e5322457f2f133010296040e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71915073E19B818AE740CF64E8907ADB7B1F788758F105125EAAD53A9CDF39E490CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3346625119-0
                                                                                                                                                                                                                                                                            • Opcode ID: 76150faadf6d74056e290d295bc84678eda9428d991f917c3c89932d039c2be1
                                                                                                                                                                                                                                                                            • Instruction ID: e5b574eeaf610615a888fd218459974abe8cbda1287e8ca84cefeea2cb96e533
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76150faadf6d74056e290d295bc84678eda9428d991f917c3c89932d039c2be1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D810A33F19B818AE740CF65E89066EB7A1FB88758F015225EE9D53A9CDF78D485CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileTemp$CursorFromLoadNamePath
                                                                                                                                                                                                                                                                            • String ID: cur$wb+
                                                                                                                                                                                                                                                                            • API String ID: 2710153881-2052460546
                                                                                                                                                                                                                                                                            • Opcode ID: eda999a48203e9b3c00245e82114b8f2fa3e7402ac1ffc3bb0970bec5c78957f
                                                                                                                                                                                                                                                                            • Instruction ID: 377fd2fe0f137d67436a866b722fa3175b053e9cb8feb774b9e507350362ca8f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eda999a48203e9b3c00245e82114b8f2fa3e7402ac1ffc3bb0970bec5c78957f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1071B672F0AA4285EBA49F10E8A0AB86361FF44BA8F454131DA7E476DCDF3DE844C311
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FFDF9EE92BD
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDFA0D3F88: AcquireSRWLockExclusive.KERNEL32 ref: 00007FFDFA0D3F98
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDFA0D3F88: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FFDFA0D3FD8
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FFDF9EE92E2
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FFDF9EE939C
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FFDF9EE9422
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FFDF9EE944A
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32 ref: 00007FFDF9EE946B
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDFA0D3FF4: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FFDF9E565E9), ref: 00007FFDFA0D4004
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00007FFDF9EE9499
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$ExclusiveLock$AcquireEnterInitializeLeave$DeleteObjectRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2258696684-0
                                                                                                                                                                                                                                                                            • Opcode ID: dd6a0c9192553ed3d6911a5d70a3a0974029d8797fbe53987d9a18608cfd2421
                                                                                                                                                                                                                                                                            • Instruction ID: dfb978293811433dcc83941b008f2d2d2a1e36b305d033f32b2c786e6d7a63df
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd6a0c9192553ed3d6911a5d70a3a0974029d8797fbe53987d9a18608cfd2421
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46716D32F19B0299EB04DB60E860ABC33B5EB44748F4151B6DE6D526EDDF3CA59AD300
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: DISPLAY
                                                                                                                                                                                                                                                                            • API String ID: 0-865373369
                                                                                                                                                                                                                                                                            • Opcode ID: 358b16e3c623c49d03856ba94773be9feb10b956b46ef271584ee3f311921d7c
                                                                                                                                                                                                                                                                            • Instruction ID: 84c21bcca5439abdf77db5ce0b2b015003f907a7442b5168a20460d981008bca
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 358b16e3c623c49d03856ba94773be9feb10b956b46ef271584ee3f311921d7c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF613F33F196858AEB54CF65E890AAD77A0FB84788F448035EA5E47B9CDF38E544CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                                                                                                            • API String ID: 1386471777-1405518554
                                                                                                                                                                                                                                                                            • Opcode ID: 1d216b6f5995db795b3b2128555a8d78bb62985f4ee1f436ba2dcae7da28d93a
                                                                                                                                                                                                                                                                            • Instruction ID: 4617d01e2d3fa3ec1fa761378b10ffd9ba2ff32533a640c386731c2f264b572b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d216b6f5995db795b3b2128555a8d78bb62985f4ee1f436ba2dcae7da28d93a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7518F22B19B818AEB11EF70E8502AEB375EF54744F444136DF8D23A5ADF38E4668351
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: KillTimer$ClickCountCtrlDoubleMessageParentSendTickTime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4083620262-0
                                                                                                                                                                                                                                                                            • Opcode ID: 11b6f1ef3ac51af7eec95751cdfb20dd6c7c3225f1e2c03661d43cf92a10cec6
                                                                                                                                                                                                                                                                            • Instruction ID: 10a9edd2ae9358fb7da46bc87eba322d9b03db2f96c06dd586b0c969abc8693e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 11b6f1ef3ac51af7eec95751cdfb20dd6c7c3225f1e2c03661d43cf92a10cec6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A415132B09B8597DB18CF25E96466973A0FB88795F100139DBAE43798CF3CE455CB01
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$Leave$Value$EnterHookUnhookWindows
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1904704018-0
                                                                                                                                                                                                                                                                            • Opcode ID: fea04cd36470748b934d21915401d02c057c5dcb955f65e2760876d03ee4f74b
                                                                                                                                                                                                                                                                            • Instruction ID: f23b52a6a4929c61e123d2f749d2e423f6b4246c2db28bc7fbfe10c74e340df9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fea04cd36470748b934d21915401d02c057c5dcb955f65e2760876d03ee4f74b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2315026F06A0586EB49DF25E9A453863A5BF45FA9B054031CD2E437EDDF3DD446C301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateObjectSelect$CompatibleDeleteSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1921846281-3916222277
                                                                                                                                                                                                                                                                            • Opcode ID: 63df13dad9187d17600eaa5c2d2291a23636cf86c904a231afe644d1760e6f1a
                                                                                                                                                                                                                                                                            • Instruction ID: e3ca4f56927071a9f3513be84b37501b61106492ad6ccc1cee1e7a0f8ff45636
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63df13dad9187d17600eaa5c2d2291a23636cf86c904a231afe644d1760e6f1a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77216B33B147948AD758CF6AE898A6977A4F789BD0F028039DE5D43B58EF38D485CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629E2A0: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E629FA9B), ref: 00007FF7E629E2D0
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629E2A0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E629FA9B), ref: 00007FF7E629E2DE
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629E2A0: GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E629FA9B), ref: 00007FF7E629E2F8
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629E2A0: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E629FA9B), ref: 00007FF7E629E310
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32 ref: 00007FF7E629ED77
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00007FF7E629ED95
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00007FF7E629EDD6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CreateFile$AttributesDirectory
                                                                                                                                                                                                                                                                            • String ID: *$Unable to create directory '{}'!$Unable to open directory '{}' for writing!
                                                                                                                                                                                                                                                                            • API String ID: 2112330871-2911474180
                                                                                                                                                                                                                                                                            • Opcode ID: 75f73bbb606b49f80edec4422a8deb18f8cd75d436f400d42239909476a5d86b
                                                                                                                                                                                                                                                                            • Instruction ID: 0e9cbcce2a3011437c924d6a6cc998ab5fc6df07ae4fe72b71eb3f929d610290
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75f73bbb606b49f80edec4422a8deb18f8cd75d436f400d42239909476a5d86b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35219132918A4282EA20EB10F8547ABB364FB91354F904636D6AC47A98DF7CD14DC761
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$DeleteSelectStock$Restore
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1965476268-0
                                                                                                                                                                                                                                                                            • Opcode ID: d8c829ca34858781974fe1055a85c747349356ce120b24be9840c50295681b24
                                                                                                                                                                                                                                                                            • Instruction ID: 2613afde2198d9a99da70756f06dddb1b930ec7647a88011c0295ba1d8db58ad
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8c829ca34858781974fe1055a85c747349356ce120b24be9840c50295681b24
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1211D26F0AA4286EF58DF11E4A462963A1EF88F85F094075DE2E0739CDF3DE8818741
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$Delete$AlignReleaseText
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2724912489-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1c848aa1e7e1d619c17e8305ae4828f57f9b039607acc1f5b37222993f8ae57b
                                                                                                                                                                                                                                                                            • Instruction ID: 822e63375a53426e2670e069747e62a639f83025d61cb403132d69a25c37f8bc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c848aa1e7e1d619c17e8305ae4828f57f9b039607acc1f5b37222993f8ae57b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34211676B05A4586EB54CF25D4A472867A0FB88F89F098076CE5E073ACDF3CD885C741
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageRegisterWindow
                                                                                                                                                                                                                                                                            • String ID: English$HTMLayoutTransferFocus$HTMLayoutWhois$L#'
                                                                                                                                                                                                                                                                            • API String ID: 1814269913-115249506
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$CreateDeleteFont
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1981917228-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeaveLongWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1534508445-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Concurrency::cancel_current_taskDestroyParentUpdate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2364769541-0
                                                                                                                                                                                                                                                                            • Opcode ID: a7c067003c3d4c08bf214ecbe4470b6404458914b4d6881ebe354217d1920138
                                                                                                                                                                                                                                                                            • Instruction ID: 768bc3029f2b2f54981588d7c26c035684cd4eb65ad253ee26b14bb3d43d9e77
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7c067003c3d4c08bf214ecbe4470b6404458914b4d6881ebe354217d1920138
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C415836B09B4A86EB18DF15E8A0A3963A4FF89F80F554075DAAE437A8CF3DD445C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Timer$ClickClientCriticalDoubleLeaveLongScreenSectionTimeWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3215539043-0
                                                                                                                                                                                                                                                                            • Opcode ID: b7a96c2a6b7eaeeae8c07e776dbec71e7702ea1a15d5ec119fe0ec3b9655c8a2
                                                                                                                                                                                                                                                                            • Instruction ID: 0175e930e89b58ecaa8a2342934088eaf4e4971f177b9f63b588d49ddbbb24a6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7a96c2a6b7eaeeae8c07e776dbec71e7702ea1a15d5ec119fe0ec3b9655c8a2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D41A132B056858BD799CF34D9A4A6977A4FB48BA8F014131DF2E837A8CF39E855C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Locinfo::_Locinfo_ctorRegister
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3702003507-0
                                                                                                                                                                                                                                                                            • Opcode ID: 662b36f7610baf8c0a618381952d51a5e6f0a5c96a5d2f0f6d126e2e2c85da2d
                                                                                                                                                                                                                                                                            • Instruction ID: 81a25582f09cad8c91256d34ad5f203cebcb31a2af90d31c6b92d506a337d858
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 662b36f7610baf8c0a618381952d51a5e6f0a5c96a5d2f0f6d126e2e2c85da2d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13417B62E28B4280EA51BB15F84127BE7A0FF98BD0F848132EA5D07799DF3CE555C712
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Color$BrushCreateCriticalDeleteLeaveObjectSectionSolidText
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2652430139-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5507ab0b38c8b37fea0e3aa5ae66cd3080a7f13462aab2f5e34142105ea926d5
                                                                                                                                                                                                                                                                            • Instruction ID: dd99b13b62e23a8aeb94f5b17b8ae2f24723ffbd45ea780872caa881dbd28a68
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5507ab0b38c8b37fea0e3aa5ae66cd3080a7f13462aab2f5e34142105ea926d5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57312A26F0AA068AEB5D9F2599A0A7857A1BF88BA9F054031CD2F437EDDF3DD4458201
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AsyncState$KillTimer$ClickClientCountCriticalDoubleLeaveScreenSectionTickTime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2332058121-0
                                                                                                                                                                                                                                                                            • Opcode ID: 29bc7f191e2fc2bec0ade26caee00981a51b0f714678e94f3698e372bde0d43a
                                                                                                                                                                                                                                                                            • Instruction ID: 67a84493eefda907d4b07fb3f14fb8cdf542a13772891117f6fceaef141e0e7b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29bc7f191e2fc2bec0ade26caee00981a51b0f714678e94f3698e372bde0d43a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93319E36B05A4587EB1DCF35DAA467C63A0FB48BA8F014136DA2E437A8CF39E455C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClickDoubleTime$ClientCountCriticalLeaveScreenSectionTickTimer
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1680461691-0
                                                                                                                                                                                                                                                                            • Opcode ID: daedc93f9b0f9377b8913dd96f390edcb28f9bb76937948f46290f5773bd83ef
                                                                                                                                                                                                                                                                            • Instruction ID: 1f085bdb41791351a5223c045280436b7a0bf13f1e01a2becd47f3f06a6c4c83
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: daedc93f9b0f9377b8913dd96f390edcb28f9bb76937948f46290f5773bd83ef
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09314F32B0564587EB1DDF25EAA4AA873A0FB48B99F014036CA2E437A8DF39E455C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1ffb996c524525d8d5bcc18bbca8c6f531bfc0979955dc5d76838c5c6660ed8a
                                                                                                                                                                                                                                                                            • Instruction ID: 01c1ad2faa241b1edb287fb5e1940ba7c89899f7015e92ff100a1b561dfcfbf7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ffb996c524525d8d5bcc18bbca8c6f531bfc0979955dc5d76838c5c6660ed8a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53315021A29A0280EA51BB15FC4136BE3A0FF88BE4F844133EA5D477A9DF3CE5558712
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2984775918.00007FF7E64DF000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                            • Opcode ID: ff03e63e51b8faf6e837eb1bb25b861a8d8e82c4bcda496526ce33effc277d7b
                                                                                                                                                                                                                                                                            • Instruction ID: 7ed6563aebaa12ff7c28bcf62af98bbfd5c24aa3340728c3e45f255fa6960db6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff03e63e51b8faf6e837eb1bb25b861a8d8e82c4bcda496526ce33effc277d7b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20314461A28A4280EA55BB15FC4036BE3A0FF88BE4FD44133EA5D477AADF3CE5158711
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Viewport$ClipIntersectModeRectWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 694020364-0
                                                                                                                                                                                                                                                                            • Opcode ID: d6d5cbcc393cd81bda433c4566a9d78cfde7b3f3e46090bab2bbe8654e2b34c3
                                                                                                                                                                                                                                                                            • Instruction ID: 4582c3310f59722fb83c5e1285060c68634997237a43b1d34b20dd241b5ad344
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6d5cbcc393cd81bda433c4566a9d78cfde7b3f3e46090bab2bbe8654e2b34c3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1210C77B046848BD358CF16EA5091AB7A1F789B84B14C125DF9943B28DF3CE4558B40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09C95
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09CD6
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09CE8
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09D1C
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09D34
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09D3F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$EventSleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2153927836-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7278a1362f3d4346be7c0b85785ddb1b928e599313cddfab48fe39b61ad57e52
                                                                                                                                                                                                                                                                            • Instruction ID: 1da05ee8e5686c1d29174db6bce76f64dcf3477f3bb2384d9957281d0b2bcbaf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7278a1362f3d4346be7c0b85785ddb1b928e599313cddfab48fe39b61ad57e52
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E211C36B05A4687EB14CF15E96062AB7B4FB84B90F494171CBAE437A8DF3CE485C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClickDoubleFocusTime$CountTickTimer
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4271707189-0
                                                                                                                                                                                                                                                                            • Opcode ID: e6ea3cd6f6ed46200b57cce51b38b74ec444973dba5559de59e7c135013afb7b
                                                                                                                                                                                                                                                                            • Instruction ID: 536e4973d6d12af5d70fc7016431f5492856701db7b2c2ea7b2bd4e13d107023
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6ea3cd6f6ed46200b57cce51b38b74ec444973dba5559de59e7c135013afb7b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D214C72B087859BDB1CCF25E998A69B7A0FB88794F048135DB9D43758CF3CE4658B40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindVolumeClose.KERNEL32 ref: 00007FF7E62A1598
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E6148681), ref: 00007FF7E62FCE00
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCD80: AcquireSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E61486BC), ref: 00007FF7E62FCD90
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCD80: ReleaseSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E61486BC), ref: 00007FF7E62FCDD0
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCDF0: SleepConditionVariableSRW.KERNEL32(?,?,0000021D4582AC90,00007FF7E6148681), ref: 00007FF7E62FCE25
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62A0A50: FindFirstVolumeW.KERNEL32 ref: 00007FF7E62A0AA7
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62A0A50: QueryDosDeviceW.KERNEL32 ref: 00007FF7E62A0B41
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62A0A50: FindNextVolumeW.KERNEL32 ref: 00007FF7E62A0B99
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62A0A50: GetLastError.KERNEL32 ref: 00007FF7E62A0BA7
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62A0DF0: GetVolumePathNamesForVolumeNameW.KERNEL32 ref: 00007FF7E62A0EA4
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62A0DF0: GetVolumePathNamesForVolumeNameW.KERNEL32 ref: 00007FF7E62A0EE8
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E614DE60: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E614DEC1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Volume$ExclusiveFindLock$AcquireNameNamesPath$CloseConditionDeviceErrorFirstLastNextQueryReleaseSleepVariable_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                            • String ID: WSL Process$\Device\LanmanRedirector\$\Device\Mup\$\SystemRoot\
                                                                                                                                                                                                                                                                            • API String ID: 770235595-1440995083
                                                                                                                                                                                                                                                                            • Opcode ID: d84e06f6e92887e83e17f815157035bfd9511acfa24777e082167cf64d071675
                                                                                                                                                                                                                                                                            • Instruction ID: 87766c117763668fc406e25c5009b15b329674d84aab45d1680ce888ed519547
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d84e06f6e92887e83e17f815157035bfd9511acfa24777e082167cf64d071675
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6DD1C662A28B8281EA60EB11FC443BBF365FB95794F805133DA8D436A5EF7CE544C712
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E61473E0
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: LeaveCriticalSection.KERNEL32 ref: 00007FF7E6147421
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7E61B57AD
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00007FF7E61B57CF
                                                                                                                                                                                                                                                                            • __std_exception_destroy.LIBVCRUNTIME ref: 00007FF7E61B5A38
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1B4
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1D5
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: LeaveCriticalSection.KERNEL32 ref: 00007FF7E629D1FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait__std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID: Attempt to unload a module which is still used by another$lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                            • API String ID: 2856244963-1128605786
                                                                                                                                                                                                                                                                            • Opcode ID: 54ba76a64a2190d746729db9a3f921491b568294d5f63556e97e29fd89b8fb9d
                                                                                                                                                                                                                                                                            • Instruction ID: 2fdab1e98c75cc2c672ca088b8a19d146ac7669b2c4098abc1ca053a4b9b8486
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 54ba76a64a2190d746729db9a3f921491b568294d5f63556e97e29fd89b8fb9d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BB1B032A28B42C5EB11EF21E8803AEB3A4FB84B94F944036EA4D47795DF3CD455C761
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E61473E0
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6147380: LeaveCriticalSection.KERNEL32 ref: 00007FF7E6147421
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7E61B67DD
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00007FF7E61B67FF
                                                                                                                                                                                                                                                                            • __std_exception_destroy.LIBVCRUNTIME ref: 00007FF7E61B6A68
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1B4
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7E614E4F1), ref: 00007FF7E629D1D5
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D160: LeaveCriticalSection.KERNEL32 ref: 00007FF7E629D1FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$CriticalHandleLeaveSection$ChangeEventFindNotificationObjectSingleWait__std_exception_destroy
                                                                                                                                                                                                                                                                            • String ID: Attempt to unload a module which is still used by another$lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                            • API String ID: 2856244963-1128605786
                                                                                                                                                                                                                                                                            • Opcode ID: 103cf3f63c17bd5cf2d60dd7ba8464ac5ea466b0ef534297f017ef2c52bc5aa3
                                                                                                                                                                                                                                                                            • Instruction ID: 1829c16a4c0133d578b4997360ac67fdd80b09f4b7d3f2adc1318f0c72876030
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 103cf3f63c17bd5cf2d60dd7ba8464ac5ea466b0ef534297f017ef2c52bc5aa3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2B1A132A28F41C5EB11EF21E8802AEB3A4FB94B84F944436EA4D077A5DF3CD455C791
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$EnvironmentExpandStrings
                                                                                                                                                                                                                                                                            • String ID: %TMP%$Unable to expand %TMP{} environment variable!
                                                                                                                                                                                                                                                                            • API String ID: 2871630417-2940734617
                                                                                                                                                                                                                                                                            • Opcode ID: 457ea91f944cae8393c674447593137c17638e59b6cdb02e683d964a588385d5
                                                                                                                                                                                                                                                                            • Instruction ID: 0cf9502850bb884ad1ab83bb356f83e50f599b3192d54583fa5414e16388e827
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 457ea91f944cae8393c674447593137c17638e59b6cdb02e683d964a588385d5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE51A122628AC291EA30EB14E8503EFA364FB94780F809532D6DD43A59EF7CE584CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Clipboard$CloseEmptyFormatOpenRegister
                                                                                                                                                                                                                                                                            • String ID: HTML Format
                                                                                                                                                                                                                                                                            • API String ID: 2398088879-1098232656
                                                                                                                                                                                                                                                                            • Opcode ID: 3a843edfda840e51e8375d7befbe6a01c590b2b780abbf8cdb59f56be92babad
                                                                                                                                                                                                                                                                            • Instruction ID: 814962aa968eeb6725e64ca04c4b55769d2ee33124ec26a589215e3c9df0d96e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a843edfda840e51e8375d7befbe6a01c590b2b780abbf8cdb59f56be92babad
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC41FF3AF15B4589EB08CF65E8A05AC73B4BB48B98B044676DE6E53BACDF38D450C341
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorHandleLastModule
                                                                                                                                                                                                                                                                            • String ID: --product 5$GetModuleHandleW ({})$user32
                                                                                                                                                                                                                                                                            • API String ID: 4242514867-343301812
                                                                                                                                                                                                                                                                            • Opcode ID: 89a565054a88062d09c23707a37f0c71ddc8a0944d36c717d6066ef17c3306f1
                                                                                                                                                                                                                                                                            • Instruction ID: 4bbd6834ca29fb3e0aa85fea75177b2d33ac43b174fd4d9e75e5271d1201a272
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89a565054a88062d09c23707a37f0c71ddc8a0944d36c717d6066ef17c3306f1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3318422E38A5295EB10EB64EC502EEB370FB98308F905537DA4D536A9EF3CD545C721
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: ImmSetCompositionWindow$imm32.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-3301410851
                                                                                                                                                                                                                                                                            • Opcode ID: 8b9a57e75bbf520d75b3c10848b03bc33e967ed2bddb93120a39a4185c55bf1f
                                                                                                                                                                                                                                                                            • Instruction ID: 582266459f270bd76a79649b3e40a8defe7caa0613587c8232828254886bd663
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b9a57e75bbf520d75b3c10848b03bc33e967ed2bddb93120a39a4185c55bf1f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D01DA26F2AE0784FB5CDB14ADB493022B0BF58744F8555B5C42FC26ECEF2CA195A301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: ImmReleaseContext$imm32.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-791212443
                                                                                                                                                                                                                                                                            • Opcode ID: 8a29f8f2688b1faad1094b92cc9587e126a0d5c9d35f80fe77071e675488320f
                                                                                                                                                                                                                                                                            • Instruction ID: 29a80f8b45f223668bd4271da8469f24608b8fd542bf87782839a5e5fd619105
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a29f8f2688b1faad1094b92cc9587e126a0d5c9d35f80fe77071e675488320f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A301DA22F2AE0785EB5D9B14AEB593022B4BF58740F8511B5C42F827ECEF2CA1959301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2984819845.00007FFDF9E50000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985217504.00007FFDFA15D000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985313276.00007FFDFA205000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985347080.00007FFDFA206000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985371254.00007FFDFA207000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985397160.00007FFDFA208000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985434495.00007FFDFA209000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985469241.00007FFDFA20C000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985508693.00007FFDFA212000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2985542184.00007FFDFA216000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: MonitorFromPoint$user32.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-355800951
                                                                                                                                                                                                                                                                            • Opcode ID: 69a9d034160bfb4b7b2dda9558480edc0f208fdac75711de411995288723e243
                                                                                                                                                                                                                                                                            • Instruction ID: 8277e356d41243879f11ea770553b1e4b116ceba6d84bf2a7b6358b6a0b57b90
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69a9d034160bfb4b7b2dda9558480edc0f208fdac75711de411995288723e243
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66012C22F2AE0785FB5DEB14ACF493022A1AF69340FC451B5C46E823ECEF2CA0959301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: ImmAssociateContext$imm32.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-3574938153
                                                                                                                                                                                                                                                                            • Opcode ID: fe98563d1ba8e942816a05232ef5563ad7ca5d55643bbe0049e262ccc8f33408
                                                                                                                                                                                                                                                                            • Instruction ID: a5644d32147fad70334c6e948fd5712009bc939af8060caa9f6ee7a5d4e60023
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe98563d1ba8e942816a05232ef5563ad7ca5d55643bbe0049e262ccc8f33408
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1201EC26F2EE0784EB5CEB14ACB5E3022A1BF58740FC555B5C46E827EDEF2CA1959301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF9E59D69), ref: 00007FFDF9E5DBEB
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF9E59D69), ref: 00007FFDF9E5DC44
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                            • String ID: image/gif$image/jpeg$image/png
                                                                                                                                                                                                                                                                            • API String ID: 626452242-935766689
                                                                                                                                                                                                                                                                            • Opcode ID: 62ef963f56addf63b0ad572dd74efa384a2342fee7c198afcae2e81a3cf91a59
                                                                                                                                                                                                                                                                            • Instruction ID: 502298f01ac184f5c46d97f75cb3538ee45592b70c64ebc1f0effa57224ed522
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62ef963f56addf63b0ad572dd74efa384a2342fee7c198afcae2e81a3cf91a59
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7918172F09A4681EB58CF15E8A0A7963A5FB44BA8F454135DA2E877ECCF3DE485C301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalInitializeSection
                                                                                                                                                                                                                                                                            • String ID: Verdana$screen,desktop
                                                                                                                                                                                                                                                                            • API String ID: 32694325-708148380
                                                                                                                                                                                                                                                                            • Opcode ID: 8edb9ef2a8045b6f1103ecff007a7ce7db9c9a7dcc92296574539a22d1dd2e3c
                                                                                                                                                                                                                                                                            • Instruction ID: 8736c5b8ab3c007e9cd1037cee8960959b21d552e3a45562fc05b4cc61ed30ef
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8edb9ef2a8045b6f1103ecff007a7ce7db9c9a7dcc92296574539a22d1dd2e3c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EB12A32B05B81AAD74CCF25E9947A8B7A4F754B08F588129CB6D033A8DF39E175C705
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                            • Opcode ID: 381a6d500237744e41076cd60faed1e8d8ea9b30ee736976a1cc267fe10202b0
                                                                                                                                                                                                                                                                            • Instruction ID: 2944bd6846d5a3164fe37e64d169aae19d75bdd90263147a63b1e23aed37ab26
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 381a6d500237744e41076cd60faed1e8d8ea9b30ee736976a1cc267fe10202b0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E811822E2CA4645F332AF34AC4037BE762BF75354F94423BEA5E22594DF3CE5818612
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateObjectSelect$CompatibleDeleteRectSectionWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 837537399-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8994fc94141d6cce755a7da42f098b32634127e7a499687916afbf7aaf0d4519
                                                                                                                                                                                                                                                                            • Instruction ID: c08c518a8da40b87d97118fa1d4ea7c9cac05116458a816d92f800eac9ce398c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8994fc94141d6cce755a7da42f098b32634127e7a499687916afbf7aaf0d4519
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CEA13933B09B858AEB14CF65E8906AD77B1FB88748F404126DA5D47BACDF38E545CB40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$CriticalSection$Select$EnterLeave$CompatibleCreateDeleteStock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1060921341-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7bc5da1fb8099f4b971fc5bf9fcec1a988f6277fe5da8432bef1fea6597f8344
                                                                                                                                                                                                                                                                            • Instruction ID: 63b2c368078c286a21667b20023110f371b0e1823441f675896d10f4e02e3c1e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7bc5da1fb8099f4b971fc5bf9fcec1a988f6277fe5da8432bef1fea6597f8344
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A717E32B19A8585EB64DF25E8A06E97360FF88798F404036DA5E83BACDF7DD549C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateFont$CapsDevice
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3852243758-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8b9f34415f542c85c0553978b29112bf19fa1b44da6a65487ca9b0bc65f67f89
                                                                                                                                                                                                                                                                            • Instruction ID: f3b65e42a7d3929f53b178b7a8257171b4f444725aa0744ff28732ed658551e8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b9f34415f542c85c0553978b29112bf19fa1b44da6a65487ca9b0bc65f67f89
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55519E72E096C18BE364CF15E85076ABBA0F7D5784F155229EA8903BA8DF7CD0A0CF00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$CtrlMessageParentSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2382089286-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0ceba806e5aaa3d51fe9f9091c47cc74dccd876c69adcd3a8b10a0554afccf19
                                                                                                                                                                                                                                                                            • Instruction ID: 364dc0da4fae20118ce29b0dee8bde4934fe61cf5f053f1745343318d0765aa6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ceba806e5aaa3d51fe9f9091c47cc74dccd876c69adcd3a8b10a0554afccf19
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0751A133B19B818AEB50CF21E854BA977A4FB88B94F054136EA6D43798DF3CD445C740
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: NameName::$Name::operator+
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 826178784-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3a05b8d3083cfb7eef2069f5142eaedcb8ddc49f1f86be000f290b59942dcae2
                                                                                                                                                                                                                                                                            • Instruction ID: ef4e588211a9196cebceb18878f9bb32100e003614384553735ca8d4064cb999
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a05b8d3083cfb7eef2069f5142eaedcb8ddc49f1f86be000f290b59942dcae2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB41B622A2865684F750FB20DC403BEB3B4BB66788BE4403BDA4D13795DF38E509D321
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetModuleHandleW.KERNEL32 ref: 00007FF7E62ABFE2
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetClassInfoExW.USER32 ref: 00007FF7E62ABFF3
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetLastError.KERNEL32 ref: 00007FF7E62AC001
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: Sleep.KERNEL32 ref: 00007FF7E62AC00E
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC027
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: HeapAlloc.KERNEL32 ref: 00007FF7E62AC042
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: InitializeCriticalSection.KERNEL32 ref: 00007FF7E62AC064
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC06A
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC080
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: RegisterClassExW.USER32 ref: 00007FF7E62AC09F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: HeapFree.KERNEL32 ref: 00007FF7E62AC0CA
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: DeleteCriticalSection.KERNEL32 ref: 00007FF7E62AC0E3
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC0E9
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: HeapFree.KERNEL32 ref: 00007FF7E62AC105
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetLastError.KERNEL32 ref: 00007FF7E62AC116
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 00007FF7E629B0E1
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32 ref: 00007FF7E629B117
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32 ref: 00007FF7E629B184
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7E629B196
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E614B010: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E615A1E4,?,?,?,?,?,?,00000000), ref: 00007FF7E614B03F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6311908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E631192D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                            • String ID: asw::log::context::TlsIndex
                                                                                                                                                                                                                                                                            • API String ID: 1441953332-143919551
                                                                                                                                                                                                                                                                            • Opcode ID: 91079f6c9c188147662e441c08fe47bb8ccfd759dec3a67fe1c0525f2baeb934
                                                                                                                                                                                                                                                                            • Instruction ID: bb8b5ffcb613e6e733cf690db9accf94f0991304b47ae5316bc6f19067d5f163
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91079f6c9c188147662e441c08fe47bb8ccfd759dec3a67fe1c0525f2baeb934
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD319461A28B4585EA60EB16FC442ABF3A4FF99BC0F844036EE8D47765DF3CE4418761
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CtrlDestroyMessageParentSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2943902463-0
                                                                                                                                                                                                                                                                            • Opcode ID: fa1b026d3b9e797cad471d7b4637ab1a2ccae18ee2d3d70810bd7b92399d91e5
                                                                                                                                                                                                                                                                            • Instruction ID: e15e07753434d7d603627f22874d28c773a544e077b58539139ffce5c1e2e6a3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa1b026d3b9e797cad471d7b4637ab1a2ccae18ee2d3d70810bd7b92399d91e5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A318232B19B4586EB14CF11E8A496973A4FB89BD0F554035DAAE477A8CF3DE444C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                            • Opcode ID: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                                                                                                            • Instruction ID: 7578feb2c1094d0419bf5028bbe7778d493f11d67e9e56bd05c6a3ed6e5139ab
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97113D23F18A0205F7AC212CE5B6B7510C1AFD53B0E1A4AB4EE7E062DECE1CE8704104
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF7E6311DC3,?,?,00000000,00007FF7E631205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7E6311FEA), ref: 00007FF7E6322D7F
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311DC3,?,?,00000000,00007FF7E631205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7E6311FEA), ref: 00007FF7E6322D9E
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311DC3,?,?,00000000,00007FF7E631205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7E6311FEA), ref: 00007FF7E6322DC6
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311DC3,?,?,00000000,00007FF7E631205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7E6311FEA), ref: 00007FF7E6322DD7
                                                                                                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7E6311DC3,?,?,00000000,00007FF7E631205E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7E6311FEA), ref: 00007FF7E6322DE8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                            • Opcode ID: 80e2ecaf75b9daef85b0907b24bccb813e8ddbdfc0573dcf4a9ac381beed7e03
                                                                                                                                                                                                                                                                            • Instruction ID: 7ad38851264c216c7c466d0453279b947dc17c4c6700e3e4b2862aefd0bb4c9d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80e2ecaf75b9daef85b0907b24bccb813e8ddbdfc0573dcf4a9ac381beed7e03
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB116A60E2868241FA697735AD5133BD1835F643B0EC8933EE93D066D6DE3CB94242B2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1177325624-0
                                                                                                                                                                                                                                                                            • Opcode ID: 05bca94fc9ecedc63a5a5d5e75427669ac9654afb3b2da4e1f50cb57b9493237
                                                                                                                                                                                                                                                                            • Instruction ID: 3cbc6b9fb645966cab8a927cd66ea86fbc53e06bd9098a8048fc0047625729fc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05bca94fc9ecedc63a5a5d5e75427669ac9654afb3b2da4e1f50cb57b9493237
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21119A3162874282E750AF11FD1476BF7A4FB94BA0F901236DA9D07B94CF3CD0408B51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Volume$NameNamesPath$ErrorLast
                                                                                                                                                                                                                                                                            • String ID: Unable to retrieve volume paths for volume '{}'!
                                                                                                                                                                                                                                                                            • API String ID: 1243668693-190204307
                                                                                                                                                                                                                                                                            • Opcode ID: 2034f957ddcd8b5821fdb759ce654ccc302cce9956f6b95dac8c8b54438dfec7
                                                                                                                                                                                                                                                                            • Instruction ID: 37536deddb699b444e2bf7eb896398999148c62db457023743c3d9a143c5b6d1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2034f957ddcd8b5821fdb759ce654ccc302cce9956f6b95dac8c8b54438dfec7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84717A22F14B419AE700EBB0D8503EE73B5EB54B8CF805526DE4C67A99EF38E194C390
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62FCDF0: AcquireSRWLockExclusive.KERNEL32(?,?,0000021D4582AC90,00007FF7E6148681), ref: 00007FF7E62FCE00
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF7E614327D), ref: 00007FF7E61E6E76
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF7E614327D), ref: 00007FF7E61E6E8B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AcquireAddressExclusiveHandleLockModuleProc
                                                                                                                                                                                                                                                                            • String ID: Kernel32.dll$QueryUnbiasedInterruptTime
                                                                                                                                                                                                                                                                            • API String ID: 956071019-196062801
                                                                                                                                                                                                                                                                            • Opcode ID: eb059e61b2bc2bbd1608e6bbba92f222166dc37c2d3b7503d4bc1fbde52abc57
                                                                                                                                                                                                                                                                            • Instruction ID: af37adde9bc28ea67ae07a718645cbaaeadafcba4b9f7781d17e060525f0f139
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb059e61b2bc2bbd1608e6bbba92f222166dc37c2d3b7503d4bc1fbde52abc57
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36213D65A29B06C2EB50EB15FC6537AB360AF98B90FC04036D94E463A4DF3CE5458762
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileHeader
                                                                                                                                                                                                                                                                            • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad read pointer - no RTTI data!
                                                                                                                                                                                                                                                                            • API String ID: 104395404-1147069514
                                                                                                                                                                                                                                                                            • Opcode ID: 79bd369efcde9b589b6606b498f8a207d59fca0eacc0e166345d7e54829c20c2
                                                                                                                                                                                                                                                                            • Instruction ID: d4a650d6696b3a1cad9ad8f00d950316ee96b80b17815de4aaa225122efa89a8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79bd369efcde9b589b6606b498f8a207d59fca0eacc0e166345d7e54829c20c2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3115162A29A0691EE10EB10EC513BAE324FF54744FC06533D54D07269DE7CD629C726
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FFDFA0F6E1B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                            • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                                            • Opcode ID: c7a5b931e320c613622e774ec9a284f95befe919061ece926cb0586053756653
                                                                                                                                                                                                                                                                            • Instruction ID: 32b2f023f0962bbee7d1f9c9c19c12b856e929380fc4050ab0016bd1dc1e6448
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7a5b931e320c613622e774ec9a284f95befe919061ece926cb0586053756653
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E116D33F14B86A7E7489B22E9747B932A5FF44355F404174D62D82A98EF7CE4A8C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                            • String ID: Kernel32.dll$SetThreadDescription
                                                                                                                                                                                                                                                                            • API String ID: 1646373207-1724334159
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                            • String ID: GetThreadDescription$Kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 1646373207-415897907
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                            • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 1646373207-582119455
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                                                                            • String ID: *;base64$data$file
                                                                                                                                                                                                                                                                            • API String ID: 1452528299-513602561
                                                                                                                                                                                                                                                                            • Opcode ID: 730b7fda3363a7a97518230974566566fb9f62d7927c9fd2391e28833e49dc55
                                                                                                                                                                                                                                                                            • Instruction ID: e6dcc0e59f93411717abe0b65c1ba9d71d9ec3bf73c59a73ef5ca9ed965ac5e4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 730b7fda3363a7a97518230974566566fb9f62d7927c9fd2391e28833e49dc55
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B026B72F19B8286EB51CF11E8609A963A5FF84798F044176EEAE03A9CDF3CD495C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                            • Opcode ID: 548bc41e98c4b86e5c757983054e4e622bd0c2875a0bbb22fc31d376d3120db3
                                                                                                                                                                                                                                                                            • Instruction ID: e5292de0ea16064d1e344f809db2962f5a2182cb35534bba0342be67a09ed96f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 548bc41e98c4b86e5c757983054e4e622bd0c2875a0bbb22fc31d376d3120db3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14D10F23F08A859AE715CF79D460AAC37B9FB04798B054272CE6D97BD9DE38E406C700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,00000000,00000000,00007FFDFA11D9B8), ref: 00007FFDFA11DB3B
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,00000000,00000000,00007FFDFA11D9B8), ref: 00007FFDFA11DBC5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8a73efa67d0a80e439b16d3a274dfeda73f83794703c4c33bd01d8837c12580b
                                                                                                                                                                                                                                                                            • Instruction ID: 0f3cb1505d8b095a14c42acca89c7736ffdf82d062245beea97934d900e0e721
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a73efa67d0a80e439b16d3a274dfeda73f83794703c4c33bd01d8837c12580b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D91E363F1865665FB58CB25D4A0ABD27A8FB44788F464176DE1E536D8DF38E442C300
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 73155330-0
                                                                                                                                                                                                                                                                            • Opcode ID: 088efa5a63bcbd0124b70cdbd42fa55667639c7ac85f8e83b404e42c9efd1787
                                                                                                                                                                                                                                                                            • Instruction ID: 68dfa0b78194e2df66b971ff865e3d391fd45268e02d38a60877b9a892813e06
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 088efa5a63bcbd0124b70cdbd42fa55667639c7ac85f8e83b404e42c9efd1787
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C41D222F09B8585EB149F11E86076963A0EF447A4F840631EBAC07BDDDF7CD0E18300
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                            • String ID: to_wide<char> invalid arguments$to_wide<char>::MultiByteToWideChar
                                                                                                                                                                                                                                                                            • API String ID: 626452242-363086301
                                                                                                                                                                                                                                                                            • Opcode ID: c1d3aff068a6961f82c483406bb8a6da90c8ed2e1e2c5aa681ee8eb1366b77b7
                                                                                                                                                                                                                                                                            • Instruction ID: e1d22db81d951591dbb8797a4274284a4feb0c96e1348be6220d5c7b6bbfce55
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1d3aff068a6961f82c483406bb8a6da90c8ed2e1e2c5aa681ee8eb1366b77b7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB51E162A29B4681EB11AF11FC4027AA7A0FF547C4F805136EB5E47794EF3CE992C721
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E62FBDA5,?,?,?,?,?,00007FF7E61AE439), ref: 00007FF7E62FBE1F
                                                                                                                                                                                                                                                                            • SleepConditionVariableSRW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E62FBDA5,?,?,?,?,?,00007FF7E61AE439), ref: 00007FF7E62FBE72
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7E62FBEB3
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E62FBDA5,?,?,?,?,?,00007FF7E61AE439), ref: 00007FF7E62FBF05
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3114648011-0
                                                                                                                                                                                                                                                                            • Opcode ID: 680c0b1c09a4b617edf37afe2d479c7f3caf95b752d914f4a7d15c6999fc97ee
                                                                                                                                                                                                                                                                            • Instruction ID: 597a51d67613e5a2da9bf7321ffd34488d4f3491a605571752c7d8a814baa764
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 680c0b1c09a4b617edf37afe2d479c7f3caf95b752d914f4a7d15c6999fc97ee
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C412532B14B0589EB049F66EC402AD77B8F748B88B944836DE5D63B68CF38C551C3A0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Timer$ClickCriticalDoubleLeaveSectionTime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2419403106-0
                                                                                                                                                                                                                                                                            • Opcode ID: fae24213e3fae00e7dc0258f7674dc812b3580b847df48be692642558f82a758
                                                                                                                                                                                                                                                                            • Instruction ID: 1bd779b51d4630c7cb167845134e9c52a5432d947803cc62b01b0ec9c28c65f5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fae24213e3fae00e7dc0258f7674dc812b3580b847df48be692642558f82a758
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6318336B0568587EB5DCF35D9A4AA867A0FB88B98F015132CF2E437A8DF39E451C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$View$CloseCreateHandle$FlushMappingPointerSizeUnmap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3155271917-0
                                                                                                                                                                                                                                                                            • Opcode ID: 62ea8aac5d68d08669b2edcb40b9ba728acba27dfe05417d750dd6746aa25f17
                                                                                                                                                                                                                                                                            • Instruction ID: 5de906f88bc4250bf0bb174830e57c5625c155980b8c125a17067e5303c2fa71
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62ea8aac5d68d08669b2edcb40b9ba728acba27dfe05417d750dd6746aa25f17
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4831A332B15B4686E728CF25E464B6877A0E785B68F148274CAAD077CCCF7CD496C740
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D090: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7E61473C1,?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E629D0D1
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D090: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7E61473C1,?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E629D0EA
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E629D090: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7E61473C1,?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E629D147
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E61473E0
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7E6147421
                                                                                                                                                                                                                                                                            • CreateEventW.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7E614E455), ref: 00007FF7E6147455
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7E614746F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$Leave$CloseCreateDeleteEnterEventHandleInitialize
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3435541109-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7ceebc4d21dda67de2663af34d9d484331b1d62e2e2e7ad30eb5919ab472311b
                                                                                                                                                                                                                                                                            • Instruction ID: cecd76374ae8f5e542da2508329e9938d641d78365402682c5f038c47a6b84b5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ceebc4d21dda67de2663af34d9d484331b1d62e2e2e7ad30eb5919ab472311b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5431CA32928B8182E761AF20F85037BFBA0FB84784F584532DA8D07695DF3CE491C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterKillLeaveTimer
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 610966039-0
                                                                                                                                                                                                                                                                            • Opcode ID: 868e3b62bdc0e598769bf47c514ee1bb38954fd9c6d129a3984b25e98c581eb6
                                                                                                                                                                                                                                                                            • Instruction ID: 6975f5b91066bf4f4cd73fe47d998d986ee6df2b48ff83f3c53d454adc0a88c4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 868e3b62bdc0e598769bf47c514ee1bb38954fd9c6d129a3984b25e98c581eb6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE218B22F08A4486EB14CF12E8A4A786360FB49FE9F094170DE6E473A8CF3DD8468301
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$Select$DeleteStock$Restore
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1104070528-0
                                                                                                                                                                                                                                                                            • Opcode ID: 169e6997262693d51f6c91a7e7944431bef4d0fa5a52395bc94de3ff481a0b20
                                                                                                                                                                                                                                                                            • Instruction ID: 69a99400a7c9d21aa2a838156621010292d2b6167229f8cf0272dd3f2401be09
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 169e6997262693d51f6c91a7e7944431bef4d0fa5a52395bc94de3ff481a0b20
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E521053AB09B8685EB44DF12E8A46696365FB89FD8F058032DE5E177A8CF3DE045C701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3473537107-0
                                                                                                                                                                                                                                                                            • Opcode ID: 563f578dca38d9df82651b7f70091872d7399ed5977b05348d40c68b0953d807
                                                                                                                                                                                                                                                                            • Instruction ID: f5a88679b83db2efb1b05925cfd9f0260c5ea3d5b69109fb10771519bb34b881
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 563f578dca38d9df82651b7f70091872d7399ed5977b05348d40c68b0953d807
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD010C32B1AB4282DB14CF5AF49442963B0EF89BC8B155075DA6E47BACEF3CD5908700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDF9F09C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09C95
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDF9F09C70: LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09CD6
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDF9F09C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09CE8
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDF9F09C70: LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09D1C
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDF9F09C70: SetEvent.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09D34
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FFDF9F09C70: Sleep.KERNEL32(?,?,?,?,?,00007FFDF9F09E39,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09D3F
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FFDF9F09E47,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09D9A
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FFDF9F09E47,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09DAA
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF9F09E47,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09DB4
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF9F09E47,?,?,?,?,?,00007FFDF9EF65A0), ref: 00007FFDF9F09DBE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$CloseDeleteEnterHandleLeave$EventSleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 466394505-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6c91f359a65cff02480ddf6adbf3c623b61f5d6339468b833ee91256196738aa
                                                                                                                                                                                                                                                                            • Instruction ID: d1c706e7eb641f76d827268712baa685385fcf5c0a0e85007c143128fba0d639
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c91f359a65cff02480ddf6adbf3c623b61f5d6339468b833ee91256196738aa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C117022F19A4282EB04DF25E9646396360FF84FA8F184230DA6E472EDDF3CE480C341
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3311d8900f50d74eed5f0bd0bd167658aa9ceff4b26735e670f77e0f6c0eccac
                                                                                                                                                                                                                                                                            • Instruction ID: eb775fca4e6300e0d2283d595161290244aa363f5dae2d4dd8281297ea901c3a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3311d8900f50d74eed5f0bd0bd167658aa9ceff4b26735e670f77e0f6c0eccac
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98113022B14F058AEB00DF60E8646B833A4F759758F441E35DA6D87BA8DF7CE1948340
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CapsDeviceRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 127614599-0
                                                                                                                                                                                                                                                                            • Opcode ID: ae3cb80f6c2c2efc911e4c089b7beb7df0c8adc20d42a2af364763170054fe31
                                                                                                                                                                                                                                                                            • Instruction ID: 0a3f64edb3028c02a0ce8986d6109c08a13f0f9599adf7e9100d9b549b18e97e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae3cb80f6c2c2efc911e4c089b7beb7df0c8adc20d42a2af364763170054fe31
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7014F32F0A6028BEB5C8F11E8709772262EB84761F159079C92E47BECDE3DE8418701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CapsDeviceRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 127614599-0
                                                                                                                                                                                                                                                                            • Opcode ID: 074dfdf781d8195f9939fc186360330b00a0f7a9974dc9d8f2d1a4f8b3bde94d
                                                                                                                                                                                                                                                                            • Instruction ID: c87c5d9c238fcde8134e56f8dc21456f499f6b7143808b6eade4fd29f66134c4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 074dfdf781d8195f9939fc186360330b00a0f7a9974dc9d8f2d1a4f8b3bde94d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A301E131F096029BEB5C8F51E8709766262EB84751F159078C96E47AECDF3DE8819701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CapsDeviceRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 127614599-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3a5be9a3e041a85626639533f362eb26931805878ba46ff7c410e41df7de97fa
                                                                                                                                                                                                                                                                            • Instruction ID: 6c87eb84541de6cd26355b9887aecb34901f5eb04cc62d5654d7e104e5809617
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a5be9a3e041a85626639533f362eb26931805878ba46ff7c410e41df7de97fa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9011231F096029BEB4C8F11E8709776266EB85751F159079C96E477ECDF3DE8418700
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocCurrentHookThreadValueWindows
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4130353779-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7E6163B5B
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62F99A0: MultiByteToWideChar.KERNEL32 ref: 00007FF7E62F99BC
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62F99A0: GetLastError.KERNEL32 ref: 00007FF7E62F99CA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide__std_fs_convert_narrow_to_wide
                                                                                                                                                                                                                                                                            • String ID: \u{$\x{
                                                                                                                                                                                                                                                                            • API String ID: 1033888727-3325273574
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                                                                                                            • String ID: !$acos
                                                                                                                                                                                                                                                                            • API String ID: 1156100317-2870037509
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                            • String ID: {}\{}{:016x}.{}
                                                                                                                                                                                                                                                                            • API String ID: 3188754299-3450286142
                                                                                                                                                                                                                                                                            • Opcode ID: de8a899979aa8f4f515d188417843ac1c5bcac90874175aed9c360a84c988a9c
                                                                                                                                                                                                                                                                            • Instruction ID: 6311d7d5aecd09bb77e7cdac04d2663f1f5e5a5fa7ce7a23bb2173d5abefb2c9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de8a899979aa8f4f515d188417843ac1c5bcac90874175aed9c360a84c988a9c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8519C32A14B4489E710DF29E8403AEB3B5FB98B58F504636EE9C57798EF38D555C380
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFindHeaderInstanceTargetType
                                                                                                                                                                                                                                                                            • String ID: Bad dynamic_cast!
                                                                                                                                                                                                                                                                            • API String ID: 746355257-2956939130
                                                                                                                                                                                                                                                                            • Opcode ID: 0b1c4c63bc5d65e6d1dc6229b1f424cc18444af0b7650428ac4c90b22d9ed6fd
                                                                                                                                                                                                                                                                            • Instruction ID: 54f57dbf9bbed6b2a2e72666dee38a9bd0c84b352fe7891298f2eb197ae75211
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b1c4c63bc5d65e6d1dc6229b1f424cc18444af0b7650428ac4c90b22d9ed6fd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B31B522728A8682EA60DB51EC807BBA394BB44F84F509537EE5D53B54DF3CE011C716
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Stretch$BitsMode
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 661349847-3916222277
                                                                                                                                                                                                                                                                            • Opcode ID: 9d0d8c99162b6b7d63b3ac01ed0f341d15b9ba6278a4d7d8de03f50186e73d33
                                                                                                                                                                                                                                                                            • Instruction ID: ec016fceddf195fb08b2ad16a0692266dbce3a02b51a782427751bf314ec7981
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d0d8c99162b6b7d63b3ac01ed0f341d15b9ba6278a4d7d8de03f50186e73d33
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F314B73604A848AD715CF26E494A19B7A4F788BD4F618125EF9D43B28DF38D846CB00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                            • String ID: GetLayeredWindowAttributes
                                                                                                                                                                                                                                                                            • API String ID: 3013587201-2043642294
Uniqueness

Uniqueness Score: -1.00%

APIs
• EnterCriticalSection.KERNEL32 ref: 00007FFDF9F3EB80
• LeaveCriticalSection.KERNEL32 ref: 00007FFDF9F3EC02
• EnterCriticalSection.KERNEL32 ref: 00007FFDF9F3EC0D
• LeaveCriticalSection.KERNEL32 ref: 00007FFDF9F3EC23
  • Part of subcall function 00007FFDF9F3E5B0: GetVersionExA.KERNEL32 ref: 00007FFDF9F3E666
  • Part of subcall function 00007FFDF9F3E5B0: GetVersionExA.KERNEL32 ref: 00007FFDF9F3E681
  • Part of subcall function 00007FFDF9F6B730: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F3EB3B), ref: 00007FFDF9F6B75B
  • Part of subcall function 00007FFDF9F6B730: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF9F3EB3B), ref: 00007FFDF9F6B765
  • Part of subcall function 00007FFDF9F6B730: CreateEventA.KERNEL32(?,?,?,?,?,00007FFDF9F3EB3B), ref: 00007FFDF9F6B775
  • Part of subcall function 00007FFDF9F6B730: CreateThread.KERNEL32 ref: 00007FFDF9F6B79C
  • Part of subcall function 00007FFDF9F6B730: CreateThread.KERNEL32 ref: 00007FFDF9F6B7E4
  • Part of subcall function 00007FFDF9F6B730: CreateThread.KERNEL32 ref: 00007FFDF9F6B82C
  • Part of subcall function 00007FFDF9F6B730: CreateThread.KERNEL32 ref: 00007FFDF9F6B874
Memory Dump Source
• Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
Similarity
• API ID: CriticalSection$Create$Thread$EnterInitializeLeaveVersion$Event
• String ID:
• API String ID: 1428177548-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.2984846767.00007FFDF9E51000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDF9E50000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffdf9e50000_Instup.jbxd
Similarity
• API ID: CriticalSection$Enter$Leave
• String ID:
• API String ID: 2801635615-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00007FF7E62ABF70: GetModuleHandleW.KERNEL32 ref: 00007FF7E62ABFE2
  • Part of subcall function 00007FF7E62ABF70: GetClassInfoExW.USER32 ref: 00007FF7E62ABFF3
  • Part of subcall function 00007FF7E62ABF70: GetLastError.KERNEL32 ref: 00007FF7E62AC001
  • Part of subcall function 00007FF7E62ABF70: Sleep.KERNEL32 ref: 00007FF7E62AC00E
  • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC027
  • Part of subcall function 00007FF7E62ABF70: HeapAlloc.KERNEL32 ref: 00007FF7E62AC042
  • Part of subcall function 00007FF7E62ABF70: InitializeCriticalSection.KERNEL32 ref: 00007FF7E62AC064
  • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC06A
  • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC080
  • Part of subcall function 00007FF7E62ABF70: RegisterClassExW.USER32 ref: 00007FF7E62AC09F
  • Part of subcall function 00007FF7E62ABF70: HeapFree.KERNEL32 ref: 00007FF7E62AC0CA
  • Part of subcall function 00007FF7E62ABF70: DeleteCriticalSection.KERNEL32 ref: 00007FF7E62AC0E3
  • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC0E9
  • Part of subcall function 00007FF7E62ABF70: HeapFree.KERNEL32 ref: 00007FF7E62AC105
  • Part of subcall function 00007FF7E62ABF70: GetLastError.KERNEL32 ref: 00007FF7E62AC116
• EnterCriticalSection.KERNEL32 ref: 00007FF7E6151756
• GetProcessHeap.KERNEL32 ref: 00007FF7E6151793
• HeapFree.KERNEL32 ref: 00007FF7E615181D
• LeaveCriticalSection.KERNEL32 ref: 00007FF7E615182F
  • Part of subcall function 00007FF7E614B010: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E615A1E4,?,?,?,?,?,?,00000000), ref: 00007FF7E614B03F
  • Part of subcall function 00007FF7E6311908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E631192D
Memory Dump Source
• Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1441953332-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3603b45df625fc18cc257f64d94fe1af63af281d1f6f8cf00df84c35f9a2e23b
                                                                                                                                                                                                                                                                            • Instruction ID: 8fc15eef2f0e95addb9942851914d94f24cc532663625564f58c871290015653
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3603b45df625fc18cc257f64d94fe1af63af281d1f6f8cf00df84c35f9a2e23b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF31FF22A28B4185EA51EB16FC046ABF3A5FF9ABC0F954036EE9D47718DF3CE4408351
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetModuleHandleW.KERNEL32 ref: 00007FF7E62ABFE2
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetClassInfoExW.USER32 ref: 00007FF7E62ABFF3
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetLastError.KERNEL32 ref: 00007FF7E62AC001
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: Sleep.KERNEL32 ref: 00007FF7E62AC00E
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC027
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: HeapAlloc.KERNEL32 ref: 00007FF7E62AC042
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: InitializeCriticalSection.KERNEL32 ref: 00007FF7E62AC064
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC06A
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC080
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: RegisterClassExW.USER32 ref: 00007FF7E62AC09F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: HeapFree.KERNEL32 ref: 00007FF7E62AC0CA
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: DeleteCriticalSection.KERNEL32 ref: 00007FF7E62AC0E3
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetProcessHeap.KERNEL32 ref: 00007FF7E62AC0E9
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: HeapFree.KERNEL32 ref: 00007FF7E62AC105
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E62ABF70: GetLastError.KERNEL32 ref: 00007FF7E62AC116
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 00007FF7E6151623
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32 ref: 00007FF7E6151655
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32 ref: 00007FF7E61516C2
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7E61516D4
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E614B010: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF7E615A1E4,?,?,?,?,?,?,00000000), ref: 00007FF7E614B03F
                                                                                                                                                                                                                                                                              • Part of subcall function 00007FF7E6311908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E631192D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2983997261.00007FF7E6141000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7E6140000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff7e6140000_Instup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1441953332-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4affbfd2ea972e4569d3eabf6e0fa1c8bf18e4b70590a6aed85c7e18a40c75c7
                                                                                                                                                                                                                                                                            • Instruction ID: 6aabd90d74e3d283f531f7e54f001e749b4d37689709d1fd6d624976999ca798
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4affbfd2ea972e4569d3eabf6e0fa1c8bf18e4b70590a6aed85c7e18a40c75c7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A31C032A28B4581EA51AB16FC042AAF3A5FB59BC0B884036DE5D47765DF7CE4418361
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%